Vulnerabilities (CVE)

CWE filter: CWE-352

2251 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-4167 1 Ibm 1 Storediq 2019-08-23 4.3
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.
CVE-2019-15329 1 Codection 1 Import Users From Csv With Meta 2019-08-23 6.8
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
CVE-2019-14216 1 Wp Svg Icons Project 1 Wp Svg Icons 2019-08-23 6.8
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
CVE-2016-10903 1 Godaddy 1 Godaddy Email Marketing 2019-08-23 6.8
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
CVE-2017-18521 1 Wp-kama 1 Democracy Poll 2019-08-23 6.8
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
CVE-2019-15150 1 Schine.games 1 Mw-oauth2client 2019-08-23 6.8
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
CVE-2019-5924 1 Rednao 1 Smart Forms 2019-08-23 6.8
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
CVE-2019-11591 2019-08-23 6.8
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the...
CVE-2019-11557 1 Web-dorado 1 Wp Form Builder 2019-08-23 6.8
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the...
CVE-2016-10902 1 Gowebsolutions 1 Wp Customer Reviews 2019-08-22 6.8
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
CVE-2019-15115 1 Peters Login Redirect Project 1 Peters Login Redirect 2019-08-22 6.8
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
CVE-2017-18569 1 Mythemeshop 1 My Wp Translate 2019-08-22 6.8
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
CVE-2017-18523 2019-08-22 6.8
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
CVE-2016-10914 1 Add From Server Project 1 Add From Server 2019-08-22 6.8
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
CVE-2019-15238 2019-08-22 6.8
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
CVE-2019-14682 1 Acf: Better Search Project 1 Acf: Better Search 2019-08-22 4.3
The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.
CVE-2016-10885 2019-08-22 6.8
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
CVE-2015-9332 1 Wordpress Uninstall Project 1 Wordpress Uninstall 2019-08-22 5.8
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.
CVE-2019-14683 1 Codection 1 Import Users From Csv With Meta 2019-08-22 4.9
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
CVE-2015-9322 2019-08-21 6.8
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.