Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-27	CVE-2023-0498	Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes WP Education The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack network low complexity hasthemes CWE-352	4.3
2023-03-27	CVE-2023-1089	Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Coupon ZEN The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack network low complexity hasthemes CWE-352	4.3
2023-03-23	CVE-2023-28335	Cross-Site Request Forgery (CSRF) vulnerability in Moodle 4.1.0/4.1.1 The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. network low complexity moodle CWE-352	8.8
2023-03-23	CVE-2023-20113	Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. network low complexity cisco CWE-352	8.1
2023-03-22	CVE-2023-0870	Cross-Site Request Forgery (CSRF) vulnerability in Opennms Horizon A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. low complexity opennms CWE-352	6.7
2023-03-17	CVE-2022-46867	Cross-Site Request Forgery (CSRF) vulnerability in Universal Star Rating Project Universal Star Rating 2.1.0 Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal Star Rating plugin <= 2.1.0 version. network low complexity universal-star-rating-project CWE-352	8.8
2023-03-17	CVE-2023-1472	Cross-Site Request Forgery (CSRF) vulnerability in Rapidload Power-Up for Autoptimize The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. network low complexity rapidload CWE-352	6.3
2023-03-15	CVE-2023-27234	Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.4.5 A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. network low complexity jizhicms CWE-352	6.5
2023-03-14	CVE-2023-27073	Cross-Site Request Forgery (CSRF) vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0 A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. network low complexity online-food-ordering-system-project CWE-352	6.5
2023-03-14	CVE-2022-47155	Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions. network low complexity supsystic CWE-352	8.8