| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. |
| The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n. |
| The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. |
| The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. |
| The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. |
| The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. |
| The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. |
| Cognitoys Dino devices allow profiles_add.html CSRF. |
| Subrion CMS 4.1.5 has CSRF in blog/delete/. |
| Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default. |
| The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. |
| The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. |
| The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. |
| In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. |
| /LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted. |
| ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. |
| The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal. |
| The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. |
| An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account. |
| Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. |
