Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2023-06-15 CVE-2023-27634 Cross-Site Request Forgery (CSRF) vulnerability in Intrepidity Project Intrepidity 1.5.1
Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.
network
low complexity
intrepidity-project CWE-352
8.8
8.8
2023-06-15 CVE-2023-35030 Cross-Site Request Forgery (CSRF) vulnerability in Liferay DXP and Liferay Portal
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
network
low complexity
liferay CWE-352
8.8
8.8
2023-06-14 CVE-2023-35141 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions.
network
low complexity
jenkins CWE-352
8.0
8.0
2023-06-14 CVE-2023-35148 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Digital.Ai APP Management Publisher
A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-352
6.5
6.5
2023-06-14 CVE-2023-3203 Cross-Site Request Forgery (CSRF) vulnerability in Inspireui Mstore API
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function.
network
low complexity
inspireui CWE-352
4.3
4.3
2023-06-13 CVE-2023-30901 Cross-Site Request Forgery (CSRF) vulnerability in Siemens Q200 Firmware
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60).
network
low complexity
siemens CWE-352
8.8
8.8
2023-06-09 CVE-2023-2286 Cross-Site Request Forgery (CSRF) vulnerability in Wpwhitesecurity WP Activity LOG
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0.
network
low complexity
wpwhitesecurity CWE-352
4.3
4.3
2023-06-07 CVE-2020-36707 Cross-Site Request Forgery (CSRF) vulnerability in Wpconcern Nifty Coming Soon & Maintenance Mode Page
The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57.
network
low complexity
wpconcern CWE-352
8.8
8.8
2023-06-07 CVE-2020-36717 Cross-Site Request Forgery (CSRF) vulnerability in Kaliforms Kali Forms
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1.
network
low complexity
kaliforms CWE-352
8.8
8.8
2023-06-07 CVE-2021-4349 Cross-Site Request Forgery (CSRF) vulnerability in Coolplugins Process Steps Template Designer
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1.
network
low complexity
coolplugins CWE-352
8.8
8.8