Vulnerabilities > Cross-Site Request Forgery (CSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-12 | CVE-2018-5368 | Cross-Site Request Forgery (CSRF) vulnerability in Srbtranslatin Project Srbtranslatin 1.46 The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php. | 8.8 |
| 2018-01-12 | CVE-2018-5361 | Cross-Site Request Forgery (CSRF) vulnerability in Wpglobus 1.9.6 The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php. | 8.8 |
| 2018-01-11 | CVE-2012-0699 | Cross-Site Request Forgery (CSRF) vulnerability in Haudenschilt Family Connections CMS Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php. | 8.8 |
| 2018-01-10 | CVE-2018-0785 | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Asp.Net Core 2.0 ASP.NET Core 1.0. | 6.5 |
| 2018-01-08 | CVE-2018-5301 | Cross-Site Request Forgery (CSRF) vulnerability in Magento Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433. | 6.5 |
| 2018-01-08 | CVE-2018-5285 | Cross-Site Request Forgery (CSRF) vulnerability in Wpscoop Imageinject 1.15 The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php. | 8.8 |
| 2018-01-04 | CVE-2017-1672 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-01-03 | CVE-2018-5073 | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has CSRF via admin/movieedit.php. | 6.8 |
| 2018-01-03 | CVE-2017-1000479 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. | 8.8 |
| 2018-01-03 | CVE-2017-1000499 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. | 8.8 |