Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-09-19 CVE-2015-4089 Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
network
low complexity
wpfastestcache CWE-352
8.8
2017-09-18 CVE-2014-6106 Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.
network
low complexity
ibm CWE-352
8.8
2017-09-18 CVE-2017-14530 Cross-Site Request Forgery (CSRF) vulnerability in Crony Cronjob Manager Project Crony Cronjob Manager
WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.
network
low complexity
crony-cronjob-manager-project CWE-352
8.0
2017-09-13 CVE-2016-8737 Cross-Site Request Forgery (CSRF) vulnerability in Apache Brooklyn
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user.
network
low complexity
apache CWE-352
8.8
2017-09-13 CVE-2017-11350 Cross-Site Request Forgery (CSRF) vulnerability in Axesstel Mu553S Firmware Mu553Sv1.14
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices.
network
low complexity
axesstel CWE-352
8.8
2017-09-11 CVE-2017-14267 Cross-Site Request Forgery (CSRF) vulnerability in EE 4Gee Wifi MBB Firmware Ee600005.0025
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.
network
low complexity
ee CWE-352
8.8
2017-09-07 CVE-2015-4697 Cross-Site Request Forgery (CSRF) vulnerability in Sumo Google Analyticator
Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563.
network
low complexity
sumo CWE-352
8.8
2017-09-07 CVE-2015-4619 Cross-Site Request Forgery (CSRF) vulnerability in Denkgroot Spina
Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.
network
low complexity
denkgroot CWE-352
8.8
2017-09-07 CVE-2014-9565 Cross-Site Request Forgery (CSRF) vulnerability in IBM En6131 Firmware and Ib6131 Firmware
Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier.
network
low complexity
ibm CWE-352
8.8
2017-09-07 CVE-2017-12838 Cross-Site Request Forgery (CSRF) vulnerability in Nexusphp Project Nexusphp 1.5
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.
network
low complexity
nexusphp-project CWE-352
8.8