CVE-2022-1780
The LaTeX for WordPress plugin through 3.4.10 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1790
The New User Email Set Up WordPress plugin through 0.5.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2022-1608
The OnePress Social Locker WordPress plugin through 5.6.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2022-1712
The LiveSync for WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2022-27331
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...
Cross-site request forgery (CSRF)
The WP Limits WordPress plugin through 1.0 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them, which could make the blog unstable by setting low values...
WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting
The plugin lacks any CSRF check when saving its options, and does not escape them when outputting them in attributes. As a result, an attacker could make a logged-in admin change them to arbitrary values, including XSS payloads, via a CSRF attack. PoC...
CVE-2021-24586
The Per page add to head WordPress plugin before 1.4.4 lacks any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting features mentioned by the plugin, this...
CVE-2021-24178
The Business Directory Plugin – Easy Listing Directories for WordPress plugin before 5.11.1 suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged-in administrator add, edit or delete form fields, which could also lead to a Stored Cross-Site Scripting issue...
CVE-2020-9277
An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. Authentication can be bypassed when accessing CGI modules. This allows one to perform administrative tasks, e.g., modifying the admin password, with no authentication...
CVE-2019-7654
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server-Users component. This issue w...
Multiple Remote Vulnerabilities in Geovision IP Camera Devices
Geovision is a Taiwan-based company specializing in the innovative research and development of digital security surveillance systems, providing customers with intelligent applications and the most cost-effective surveillance solutions based on the core technologies of image capture, image analysi...
CVE-2016-8201
CVE-2016-8201 is a CSRF vulnerability in Brocade Virtual Traffic Manager (vTM) affecting versions up to 11.0. An attacker could trick a logged-in admin into performing administrative changes on the traffic-manager cluster. Remediation and confirmed fixes are available in later releases: vTM 11.1,...
baserCMS plugin "Casebook Plugin" vulnerable to cross-site request forgery
Overview: baserCMS plugin "Casebook Plugin" contains a cross-site request forgery vulnerability (CWE-352). Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Impact: A...
CVE-1999-0361
CVE-1999-0361 affects NetWare deployments running LaserFiche (Novell NetWare version of LaserFiche). The vulnerable component is the storage of usernames and passwords in unencrypted form, and the vulnerability allows administrative changes to occur without logging. Public documentation consisten...