CVE-2023-5979
The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products...
CVE-2023-45645
Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions...
CVE-2021-4412
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...
CVE-2023-0831
The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for...
PT-2023-16748 · WordPress · Oauth Single Sign On
Name of the Vulnerable Software and Affected Versions: OAuth Single Sign On WordPress plugin versions prior to 6.24.2. Description: The issue concerns a lack of CSRF checks when discarding Identity Providers (IdP) in the OAuth Single Sign On WordPress plugin. This could allow attackers to make...
PT-2023-13767 · Standalonetech · Standalonetech Terawallet
Name of the Vulnerable Software and Affected Versions: StandaloneTech TeraWallet – For WooCommerce plugin versions <= 1.3.24. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which can lead to changes in the plugin settings. Recommendations: For versions <= 1.3.24, update t...
PT-2023-19341 · WordPress · Automatorwp
Name of the Vulnerable Software and Affected Versions: AutomatorWP plugin versions <= 2.5.0. Description: A Cross-Site Request Forgery (CSRF) issue allows for object deletion. Recommendations: For AutomatorWP plugin versions <= 2.5.0, update to a version greater than 2.5.0 to resolve the issue...
GHSA-M6Q8-MWF6-6MMC CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-2839
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation or CSRF checks in any of its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them t...
GHSA-CRHM-QPJC-CM64 Django CSRF Protection Bypass
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
GHSA-H2RR-M97P-6JQ9 Selenium Server (Grid) CSRF
Selenium Server (Grid) before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain...
CVE-2016-10997
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php...
jolokia: system-wide CSRF that could lead to Remote Code Execution
A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks...
CVE-2016-1265
A remote unauthenticated network-based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross-site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. A...
MediaWiki CSRF Protection Bypass Vulnerability
MediaWiki is a free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. MediaWiki suffers from a CSRF protection bypass vulnerability that allows...
DEBIAN-CVE-2012-4448
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action...