Lucene search

1834 matches found

Cvelist
added 2022/11/23 12:0 a.m., 17 views

CVE-2020-23593

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery CSRF attack to enable syslog mode through ' /mgmlogcfg.asp.' The system starts to log events, 'Remote' mode or 'Both...

6.6 AI score, 0.00159 EPSS
Exploits: 0, References: 1
Cvelist
added 2022/11/23 12:0 a.m., 13 views

CVE-2020-23590

A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery CSRF attack to change the Password for "WLAN SSID" through "wlwpa.asp"...

6.6 AI score, 0.00165 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2022/11/23 12:0 a.m., 9 views

CVE-2020-23588

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp "...

7.2 AI score, 0.00157 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2022/11/23 12:0 a.m., 8 views

CVE-2020-23587

A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp "...

4.2 AI score, 0.0009 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2022/11/21 10:28 p.m., 26 views

Fastify: Incorrect Content-Type parsing can lead to CSRF attack

Impact: The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accepts application/js...

8.8 CVSS, 8.4 AI score, 0.00117 EPSS
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2022/11/21 9:15 p.m., 13 views

Cross site request forgery (csrf)

A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to create Multiple WLAN BSSID...

4.3 CVSS, 6.6 AI score, 0.00153 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2022/11/21 11:15 a.m., 20 views

CVE-2022-3763

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in...

8.1 CVSS, 0.00163 EPSS
Exploits: 2, References: 1
NVD
added 2022/11/21 11:15 a.m., 17 views

CVE-2022-3336

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...

4.3 CVSS, 0.00163 EPSS
Exploits: 2, References: 1
OSV
added 2022/11/21 11:15 a.m., 1 views

CVE-2022-3336

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...

4.3 CVSS, 5.9 AI score, 0.00163 EPSS
Exploits: 2, References: 1
Prion
added 2022/11/21 11:15 a.m., 13 views

Cross site request forgery (csrf)

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...

4.3 CVSS, 4.7 AI score, 0.00163 EPSS
Exploits: 2, References: 1, Affected Software: 1
Prion
added 2022/11/21 11:15 a.m., 17 views

Cross site request forgery (csrf)

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...

6.8 CVSS, 8.6 AI score, 0.00627 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2022/11/21 12:0 a.m., 3 views

CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...

7.7 AI score, 0.00163 EPSS
Exploits: 2, References: 1
Vulnrichment
added 2022/11/21 12:0 a.m., 7 views

CVE-2022-3336 Event Monster < 1.2.0 - Visitors Deletion via CSRF

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...

6.8 AI score, 0.00163 EPSS
Exploits: 2, References: 1
Cvelist
added 2022/11/21 12:0 a.m., 17 views

CVE-2020-23582

A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to create Multiple WLAN BSSID...

6.6 AI score, 0.00153 EPSS
Exploits: 0, References: 1
Veracode
added 2022/11/15 3:16 a.m., 11 views

Cross-Site Request Forgery (CSRF)

Concrete CMS is vulnerable to cross-site request forgery. The vulnerability exists in multiple functions due to lack of checks in the State parameter for external concrete authentication service which allows an attacker to initiate unwanted actions within the web application...

8.8 CVSS, 8.4 AI score, 0.00428 EPSS
Exploits: 0, References: 11, Affected Software: 2
WPVulnDB
added 2022/11/14 12:0 a.m., 23 views

Follow Me Plugin <= 3.1.1 - Stored XSS via CSRF

The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.8 CVSS, 4.2 AI score, 0.00307 EPSS
Exploits: 1, Affected Software: 1
WPVulnDB
added 2022/11/14 12:0 a.m., 22 views

Becustom < 1.0.5.3 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

8.8 CVSS, 4 AI score, 0.0098 EPSS
Exploits: 5, References: 1, Affected Software: 1
WPVulnDB
added 2022/11/14 12:0 a.m., 11 views

Feed Them Social < 3.0.1 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.4 AI score
Exploits: 0, Affected Software: 1
NVD
added 2022/11/10 6:15 a.m., 9 views

CVE-2022-45130

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names...

6.5 CVSS, 0.0061 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2022/11/10 12:0 a.m., 4 views

CVE-2022-45130

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names...

6.5 AI score, 0.0061 EPSS
Exploits: 1, References: 1