Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-19 | CVE-2015-4089 | Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | 8.8 |
2017-09-18 | CVE-2014-6106 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Security Identity Manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | 8.8 |
2017-09-18 | CVE-2017-14530 | Cross-Site Request Forgery (CSRF) vulnerability in Crony Cronjob Manager Project Crony Cronjob Manager WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | 8.0 |
2017-09-13 | CVE-2016-8737 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Brooklyn In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. | 8.8 |
2017-09-13 | CVE-2017-11350 | Cross-Site Request Forgery (CSRF) vulnerability in Axesstel Mu553S Firmware Mu553Sv1.14 Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. | 8.8 |
2017-09-11 | CVE-2017-14267 | Cross-Site Request Forgery (CSRF) vulnerability in EE 4Gee Wifi MBB Firmware Ee600005.0025 EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. | 8.8 |
2017-09-07 | CVE-2015-4697 | Cross-Site Request Forgery (CSRF) vulnerability in Sumo Google Analyticator Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563. | 8.8 |
2017-09-07 | CVE-2015-4619 | Cross-Site Request Forgery (CSRF) vulnerability in Denkgroot Spina Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. | 8.8 |
2017-09-07 | CVE-2014-9565 | Cross-Site Request Forgery (CSRF) vulnerability in IBM En6131 Firmware and Ib6131 Firmware Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | 8.8 |
2017-09-07 | CVE-2017-12838 | Cross-Site Request Forgery (CSRF) vulnerability in Nexusphp Project Nexusphp 1.5 Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. | 8.8 |