4 matches found
CVE-2022-1845
The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data...
CVE-2020-25408
A Cross-Site Request Forgery CSRF vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data...
Authentication flaw
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to 1 chatno.php and 2 chatif.php...