CVE-2021-25092

The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack...

CVE-2021-25073

The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack...

CVE-2021-25098

The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash...

CVE-2021-24735

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...

CVE-2021-24581

The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited...

CVE-2021-24490

The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...

CVE-2021-40173

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings...

CVE-2021-40174

Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings...

CVE-2021-40172

Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings...

CVE-2021-24767

The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack...

CVE-2021-24802

The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack...

CVE-2021-24784

The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack...

CVE-2021-24636

The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce CSRF checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link...

CVE-2021-24805

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status...

CVE-2020-8168

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site reques...

CVE-2020-9042

In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...

CVE-2020-6849

The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketofat CSRF with resultant XSS...

CVE-2020-23590

A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery CSRF attack to change the Password for "WLAN SSID" through "wlwpa.asp"...

CVE-2020-5501

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...

CVE-2020-13658

In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application...