Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-18107

Summary
Assigner-atlassian
Assigner Org ID-f08a6ab8-ed46-4c22-8884-d911ccfe3c66
Published At-17 Dec, 2019 | 03:45
Updated At-16 Sep, 2024 | 20:06
Rejected At-
Credits

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:atlassian
Assigner Org ID:f08a6ab8-ed46-4c22-8884-d911ccfe3c66
Published At:17 Dec, 2019 | 03:45
Updated At:16 Sep, 2024 | 20:06
Rejected At:
▼CVE Numbering Authority (CNA)

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

Affected Products
Vendor
AtlassianAtlassian
Product
Crowd
Versions
Affected
  • From unspecified before 3.1.1 (custom)
Problem Types
TypeCWE IDDescription
textN/ACross-Site Request Forgery (CSRF)
Type: text
CWE ID: N/A
Description: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.atlassian.com/browse/CWD-5091
x_refsource_MISC
Hyperlink: https://jira.atlassian.com/browse/CWD-5091
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.atlassian.com/browse/CWD-5091
x_refsource_MISC
x_transferred
Hyperlink: https://jira.atlassian.com/browse/CWD-5091
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@atlassian.com
Published At:17 Dec, 2019 | 04:15
Updated At:27 Dec, 2019 | 21:31

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary2.04.0MEDIUM
AV:N/AC:H/Au:N/C:N/I:P/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:P
CPE Matches
Atlassian
atlassian
>>crowd>>Versions before 3.1.1(exclusive)
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jira.atlassian.com/browse/CWD-5091security@atlassian.com
Vendor Advisory
Hyperlink: https://jira.atlassian.com/browse/CWD-5091
Source: security@atlassian.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

536Records found
CVE-2020-2295
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.55%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.

Action-Not Available
Vendor-barchartJenkins
Product-maven_cascade_releaseJenkins Maven Cascade Release Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.35%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.

Action-Not Available
Vendor-online_food_ordering_system_projectn/a
Product-online_food_ordering_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27520
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.

Action-Not Available
Vendor-epsonSEIKO EPSON CORPORATION
Product-lp-s5000_firmwaresc-s60650lsc-t5250d_firmwarepx-b500sc-px5v2prifnw7s_firmwaresc-t7255sc-s70650_firmwarepx-5vsc-p7050px-7500n_firmwaresc-t7250dsc-s30650sc-t3050sc-p6050_firmwaresc-s80650lpx-f10000sc-t3050_firmwareesnsb1sc-s50650_firmwarelp-s5300sc-f7200lp-9200c_firmwarelp-s6500_firmwarelp-s4500_firmwareprifnw3s_firmwaresc-t5255lp-s310nsc-t7250lp-s6000_firmwarepx-h10000lp-s4500lp-8200clp-9200ps2_firmwareprifnw2px-h7000sc-f6000tm-c3400lp-9200ps2lp-9200ps3px-h6000sc-p6050lp-s5300_firmwareprifnw2ac_firmwarepx-6250s_firmwareprifnw7ssc-f6350_firmwarelp-9200csc-p9050lp-8500cpx-7550_firmwarepx-h9000_firmwarelp-s3000z_firmwaresc-t3255_firmwarepa-w11gpx-w8000_firmwareesnsb1_firmwarepx-h8000_firmwareprifnw2spa-w11g2_firmwarelp-s3000pa-w11g_firmwaretm-c3400_firmwarepx-b510px-6550_firmwarestylus_pro_gs6000px-7500npx-5800prifnw6sc-s80650_firmwarepx-7550sstylus_pro_gs6000_firmwaresc-t5050_firmwarelp-9200ps3_firmwarelp-s4200px-f8000tm-c3500_firmwaresc-t7255d_firmwareprifnw1stm-c7500px-h6000_firmwarepx-7v_firmwarepx-5002sc-p20050_firmwarelp-s3000rlp-s7500_firmwaresc-f7200_firmwaresc-s80650l_firmwarepx-6250slp-s310n_firmwarelp-s3000_firmwarepx-9550s_firmwarepx-h7000_firmwaresc-f2000_firmwaresc-f2150px-5v_firmwarepx-9550_firmwarelp-s6500px-f8000_firmwaresc-f7100px-9500n_firmwareesnsb2_firmwaresc-p8050sc-f9450sc-f9450hlp-s5300r_firmwaresc-s60650_firmwarepx-h9000lp-s300nprifnw2s_firmwaresc-t5250dsc-t7250d_firmwaresc-t7255_firmwaresc-f9450h_firmwareprifnw1_firmwaresc-p10050_firmwarepx-h8000lp-s8100lp-s9000px-9550ssc-s80650lp-s5300rsc-s40650_firmwaresc-s30650_firmwaresc-t5250prifnw2acsc-t3250_firmwarelp-s3000r_firmwarelp-s6000sc-px7v2sc-p9050_firmwarelp-s4000_firmwarelp-s7000esnsb2esifnw1_firmwareprifnw3_firmwarelp-s7000_firmwarelp-8200c_firmwarelp-s5500px-f10000_firmwarepx-h10000_firmwareprifnw3spx-w8000px-b500_firmwarepx-7550s_firmwarelp-9200b_firmwaresc-t7255dtm-c3500sc-f9200_firmwareprifnw2sac_firmwarelp-s5000px-b510_firmwareprifnw1s_firmwarelp-s3000zprifnw1sc-f2150_firmwareesifnw1lp-8500c_firmwaresc-f6350sc-p8050_firmwaresc-s70650tm-c7500_firmwaresc-f9350prifnw7u_firmwarelp-9800c_firmwareprifnw7upx-7550prifnw2_firmwaresc-t7250_firmwarelp-9200bsc-f7100_firmwarepx-20000_firmwarelp-s9000_firmwarepx-9550lp-s4200_firmwaresc-t5255dsc-f9450_firmwareprifnw3prifnw7sc-t5050sc-s40650lp-s8100_firmwarepa-w11g2sc-s60650lp-s3500lp-8700ps3lp-s7500sc-t7050_firmwarelp-s3000ps_firmwaresc-t3250sc-px5v2_firmwaresc-f9200lp-9800csc-t3255px-9500nsc-px7v2_firmwarelp-s5500_firmwarelp-8700ps3_firmwarelp-s4000sc-s60650l_firmwarepx-5002_firmwaresc-f6000_firmwarelp-9300sc-t7050px-5800_firmwarepx-6550sc-f6200_firmwarelp-s3500_firmwarelp-9600sc-f9350_firmwareprifnw6_firmwarelp-9600_firmwarelp-9300_firmwaresc-t5250_firmwaresc-t5255_firmwaresc-p5050_firmwarelp-s7100_firmwaresc-p20050px-f8000mprifnw7_firmwaresc-p7050_firmwaresc-s50650lp-s7500pslp-s3000pslp-s7500ps_firmwarepx-20000sc-f6200px-f8000m_firmwaresc-f2000prifnw2saclp-9600ssc-p10050sc-t5255d_firmwaresc-px3vlp-s300n_firmwarelp-9600s_firmwaresc-p5050px-7vsc-px3v_firmwarelp-s7100SEIKO EPSON printers/network interface Web Config
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-22500
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-06 Feb, 2021 | 01:03
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.

Action-Not Available
Vendor-n/aMicro Focus International Limited
Product-application_performance_managementApplication Performance Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.94%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:19
Updated-02 Aug, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Robots.txt optimization plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.

Action-Not Available
Vendor-pagupPagup
Product-better_robots.txtWordPress Robots.txt optimization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23582
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.48%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-23593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.24%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port.

Action-Not Available
Vendor-optilinknetworkn/a
Product-op-xt71000n_firmwareop-xt71000nn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 15:57
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.

Action-Not Available
Vendor-maccmsn/a
Product-maccmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 22:37
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users.

Action-Not Available
Vendor-wagecms_projectn/a
Product-wage-cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 22:39
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.

Action-Not Available
Vendor-opms_projectn/a
Product-opmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.99%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 21:25
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.

Action-Not Available
Vendor-wtcms_projectn/a
Product-wtcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-2192
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.62%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.

Action-Not Available
Vendor-Jenkins
Product-self-organizing_swarm_modulesJenkins Self-Organizing Swarm Plug-in Modules Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2508
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.08%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 15:05
Updated-24 Sep, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF in PaperCutNG Mobility Print leads to sophisticated phishing

The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc.

Action-Not Available
Vendor-PaperCut Software Pty LtdApple Inc.
Product-mobility_print_servermacosMobility Print
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21881
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.30%
||
7 Day CHG~0.00%
Published-31 Jul, 2023 | 00:00
Updated-22 Oct, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.

Action-Not Available
Vendor-duxcms_projectn/a
Product-duxcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-24423
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

Action-Not Available
Vendor-Jenkins
Product-gerrit_triggerJenkins Gerrit Trigger Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-24457
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 39.12%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.

Action-Not Available
Vendor-Jenkins
Product-keycloak_authenticationJenkins Keycloak Authentication Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.70%
||
7 Day CHG+0.01%
Published-02 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

Action-Not Available
Vendor-clockwork_web_projectn/aRuby on Rails
Product-clockwork_webrailsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-652
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
CVE-2023-24417
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.50%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:38
Updated-07 Oct, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Worthy – VG WORT Integration für WordPress Plugin <= 1.6.5-6497609 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.

Action-Not Available
Vendor-tiggerswelttiggersWelt.net
Product-worthyWorthy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-25443
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.50%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:29
Updated-07 Oct, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.

Action-Not Available
Vendor-wow-companyWow-Company
Product-button_generatorButton Generator – easily Button Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2326
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.20%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 13:17
Updated-27 Nov, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

Action-Not Available
Vendor-gsheetconnectorUnknown
Product-gravity_forms_google_sheets_connectorGravity Forms Google Sheet Connectorgsheetconnector-gravityforms-pro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.15%
||
7 Day CHG~0.00%
Published-14 Oct, 2021 | 14:17
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.

Action-Not Available
Vendor-phpmywindn/a
Product-phpmywindn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-3022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.51%
||
7 Day CHG~0.00%
Published-31 Aug, 2009 | 20:00
Updated-21 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.

Action-Not Available
Vendor-itd-incn/a
Product-bingo\!cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2407
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-03 Jun, 2023 | 04:35
Updated-20 Dec, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-vcitavcita
Product-online_payments_-_get_paid_with_paypal\,_square_\&_stripeevent_registration_calendar_by_vcitaOnline Payments – Get Paid with PayPal, Square & StripeEvent Registration Calendar By vcita
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 11:22
Updated-02 Aug, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.

Action-Not Available
Vendor-web-settlerMuneeb
Product-layer_sliderLayer Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-23973
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.63%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 12:49
Updated-13 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Us page - Contact people LITE Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0.

Action-Not Available
Vendor-a3reva3rev Software
Product-contact_us_page_-_contact_peopleContact Us Page – Contact People
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-19264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 17:44
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.

Action-Not Available
Vendor-mipcmsn/a
Product-mipcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2405
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-03 Jun, 2023 | 04:35
Updated-20 Dec, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-vcitavcita
Product-crm_and_lead_management_by_vcitaCRM and Lead Management by vcita
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2307
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 14.82%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in builderio/qwik

Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.

Action-Not Available
Vendor-builderbuilderio
Product-qwikbuilderio/qwik
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-22852
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.95%
||
7 Day CHG~0.00%
Published-14 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.

Action-Not Available
Vendor-tikin/a
Product-tikin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 19:09
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add.

Action-Not Available
Vendor-ec_cloud_e-commerce_system_projectn/a
Product-ec_cloud_e-commerce_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-2179
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.20%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 12:15
Updated-24 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example

Action-Not Available
Vendor-UnknownWooCommerce
Product-woocommerce_order_status_change_notifierWooCommerce Order Status Change Notifier
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2023-22681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.91%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 10:56
Updated-10 Jan, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Online Exam Software : eExamhall Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions.

Action-Not Available
Vendor-online_exam_software_\Aarvanshinfotech
Product-_eexamhall_projectOnline Exam Software : eExamhall
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-20468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 04:00
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.

Action-Not Available
Vendor-white_shark_systems_projectn/a
Product-white_shark_systemsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-17901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.53%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 18:22
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

Action-Not Available
Vendor-pbootcmsn/a
Product-pbootcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-2091
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 12:57
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cache Images < 3.2.1 - Image Upload / Import via CSRF

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.

Action-Not Available
Vendor-cache_images_projectUnknown
Product-cache_imagesCache Images
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20650
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.90%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 06:15
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-ncc-ewf100rmwh2ncc-ewf100rmwh2_firmwareNCC-EWF100RMWH2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1624
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.20%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 18:30
Updated-04 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders

Action-Not Available
Vendor-UnknownWPCode, LLC (WPCode)
Product-wpcodeWPCode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0438
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.08%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in modoboa/modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1330
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 14:38
Updated-14 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Redirection < 1.1.4 - Redirect Creation via CSRF

The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.

Action-Not Available
Vendor-inisevUnknown
Product-redirectionRedirection
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0502
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 15:37
Updated-19 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF

The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

Action-Not Available
Vendor-UnknownHasTech IT Limited (HasThemes)
Product-wp_newsWP News
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0735
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.11%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in wallabag/wallabag

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.

Action-Not Available
Vendor-wallabagwallabag
Product-wallabagwallabag/wallabag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1331
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.20%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 12:17
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Redirection < 1.1.5 - Plugin Reset via CSRF

The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack.

Action-Not Available
Vendor-inisevUnknown
Product-redirectionRedirection
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-18889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.28%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 16:54
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php.

Action-Not Available
Vendor-puppycmsn/a
Product-puppycmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1092
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.59%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 15:39
Updated-19 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OAuth Single Sign On - SSO (OAuth Client) - IdP Deletion via CSRF

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack

Action-Not Available
Vendor-miniorangeMiniOrange
Product-oauth_single_sign_onOAuth Single Sign On EnterpriseOAuth Single Sign On StandardOAuth Single Sign On PremiumOAuth Single Sign On Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0674
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.30%
||
7 Day CHG~0.00%
Published-04 Feb, 2023 | 07:34
Updated-02 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XXL-JOB New Password updatePwd cross-site request forgery

A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.

Action-Not Available
Vendor-n/aXuxueli
Product-xxl-jobXXL-JOB
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-18151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.53%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 18:18
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account.

Action-Not Available
Vendor-thinkcmfn/a
Product-thinkcmfn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0522
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.54%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 13:58
Updated-04 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Enable/Disable Auto Login when Register <= 1.1.0 - Settings Update via CSRF

The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-enable\/disable_auto_login_when_register_projectUnknown
Product-enable\/disable_auto_login_when_registerEnable/Disable Auto Login when Register
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0500
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 15:37
Updated-19 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Film Studio < 1.3.5 - Arbitrary Plugin Activation via CSRF

The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

Action-Not Available
Vendor-UnknownHasTech IT Limited (HasThemes)
Product-wp_film_studioWP Film Studio
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-15600
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 21:17
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

Action-Not Available
Vendor-cmsuno_projectn/a
Product-cmsunon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0398
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in modoboa/modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

Action-Not Available
Vendor-modoboamodoboa
Product-modoboamodoboa/modoboa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 10
  • 11
  • Next
Details not found