Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-17584

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Apr, 2019 | 19:41
Updated At-05 Aug, 2024 | 10:54
Rejected At-
Credits

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Apr, 2019 | 19:41
Updated At:05 Aug, 2024 | 10:54
Rejected At:
▼CVE Numbering Authority (CNA)

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
x_refsource_MISC
https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9696
x_refsource_MISC
Hyperlink: https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
Resource:
x_refsource_MISC
Hyperlink: https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html
Resource:
x_refsource_MISC
Hyperlink: https://wpvulndb.com/vulnerabilities/9696
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
x_refsource_MISC
x_transferred
https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html
x_refsource_MISC
x_transferred
https://wpvulndb.com/vulnerabilities/9696
x_refsource_MISC
x_transferred
Hyperlink: https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://wpvulndb.com/vulnerabilities/9696
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Apr, 2019 | 20:29
Updated At:07 Sep, 2019 | 05:15

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

wpfastestcache
wpfastestcache
>>wp_fastest_cache>>0.8.8.5
cpe:2.3:a:wpfastestcache:wp_fastest_cache:0.8.8.5:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.htmlcve@mitre.org
Exploit
Third Party Advisory
https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharingcve@mitre.org
Permissions Required
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9696cve@mitre.org
N/A
Hyperlink: https://ansawaf.blogspot.com/2019/04/csrf-multiple-stored-xss-in-wp-fastest.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://docs.google.com/document/d/17JSC97ecikWalB_ZTScNipFoud2aFXb5mXEZ7g-KIQI/edit?usp=sharing
Source: cve@mitre.org
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://wpvulndb.com/vulnerabilities/9696
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2470Records found

CVE-2015-4089
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.99% / 58.30%
||
7 Day CHG~0.00%
Published-19 Sep, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.

Action-Not Available
Vendor-wpfastestcachen/a
Product-wp_fastest_cachen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1924
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:57
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_toolbar_save_settings_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1926
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:59
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1923
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:57
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_remove_cdn_integration_ajax_request_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1918
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:54
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1938
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-8.47% / 94.36%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 07:49
Updated-10 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF

The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue

Action-Not Available
Vendor-wpfastestcacheUnknown
Product-wp_fastest_cacheWP Fastest Cache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-1921
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:56
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1922
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:56
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_pause_cdn_integration_ajax_request_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1925
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:57
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1919
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:55
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1927
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 20:00
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-1920
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.38%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 19:55
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wpfastestcacheemrevona
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24870
Matching Score-6
Assigner-WPScan
ShareView Details
Matching Score-6
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 16.74%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:49
Updated-09 Jan, 2026 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting

The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload

Action-Not Available
Vendor-wpfastestcacheUnknown
Product-wp_fastest_cacheWP Fastest Cache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36836
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-8||HIGH
EPSS-1.37% / 68.52%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Fastest Cache <= 0.9.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.

Action-Not Available
Vendor-wpfastestcacheemrevonawpfastestcache
Product-wp_fastest_cacheWP Fastest Cache – WordPress Cache Pluginwp_fastest_cache
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18935
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.59% / 43.78%
||
7 Day CHG~0.00%
Published-05 Nov, 2018 | 08:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.

Action-Not Available
Vendor-popojicmsn/a
Product-popojicmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-12589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.62%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.

Action-Not Available
Vendor-tomaxcomn/a
Product-r60gr60g_firmwarer60gv2_firmwarer60gv2n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1218
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.90% / 55.32%
||
7 Day CHG~0.00%
Published-19 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.

Action-Not Available
Vendor-IBM Corporation
Product-bigfix_platformBigFix family
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.81% / 52.62%
||
7 Day CHG~0.00%
Published-30 Oct, 2018 | 06:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.

Action-Not Available
Vendor-zblogcnn/a
Product-z-blogphpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-27975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.50%
||
7 Day CHG~0.00%
Published-28 Oct, 2020 | 14:31
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.

Action-Not Available
Vendor-oscommercen/a
Product-oscommercen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.41% / 87.42%
||
7 Day CHG~0.00%
Published-20 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.

Action-Not Available
Vendor-control-webpaneln/a
Product-webpaneln/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18742
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.52% / 40.52%
||
7 Day CHG~0.00%
Published-28 Oct, 2018 | 03:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.

Action-Not Available
Vendor-sem-cmsn/a
Product-semcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2007-1520
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.78% / 51.43%
||
7 Day CHG~0.00%
Published-20 Mar, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.

Action-Not Available
Vendor-phpnuken/a
Product-php-nuken/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 46.67%
||
7 Day CHG~0.00%
Published-27 Oct, 2018 | 22:00
Updated-05 May, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.

Action-Not Available
Vendor-wuzhicmsn/a
Product-wuzhicmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2007-1489
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.67% / 47.54%
||
7 Day CHG~0.00%
Published-16 Mar, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-web-app.orgn/a
Product-webappn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18436
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.51% / 39.96%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 05:00
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.

Action-Not Available
Vendor-jtbcn/a
Product-jtbc_phpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-18201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 38.80%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 23:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.

Action-Not Available
Vendor-qibosoftn/a
Product-qibosoftn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-17389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.91% / 55.67%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 16:55
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.

Action-Not Available
Vendor-ranksoln/a
Product-live_call_supportn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0168
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.74% / 50.10%
||
7 Day CHG~0.00%
Published-06 Oct, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.

Action-Not Available
Vendor-jolokian/a
Product-jolokian/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-28649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.77% / 50.97%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 02:50
Updated-04 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.

Action-Not Available
Vendor-orbisiusn/a
Product-child_theme_creatorn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-11726
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.48% / 37.76%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.

Action-Not Available
Vendor-connectwisen/a
Product-managen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-11455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 67.06%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.

Action-Not Available
Vendor-n/aPulse SecureIvanti Software
Product-pulse_policy_secureconnect_securepulse_connect_securen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-11648
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 36.02%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.

Action-Not Available
Vendor-techroutesn/a
Product-tr_1803-3g_firmwaretr_1803-3gn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.48% / 38.14%
||
7 Day CHG~0.00%
Published-20 Aug, 2018 | 01:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.

Action-Not Available
Vendor-tp5cms_projectn/a
Product-tp5cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15565
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 43.03%
||
7 Day CHG~0.00%
Published-20 Aug, 2018 | 01:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.

Action-Not Available
Vendor-simple-cms_projectn/a
Product-simple_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16338
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.47% / 37.44%
||
7 Day CHG~0.00%
Published-02 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.

Action-Not Available
Vendor-auracmsn/a
Product-auracmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15844
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.47% / 82.54%
||
7 Day CHG~0.00%
Published-25 Aug, 2018 | 21:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.

Action-Not Available
Vendor-damicmsn/a
Product-damicmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16218
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.26% / 66.06%
||
7 Day CHG~0.00%
Published-29 May, 2019 | 17:56
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim.

Action-Not Available
Vendor-n/aYealink Network Technology Co., Ltd
Product-ultra-elegant_ip_phone_sip-t41pultra-elegant_ip_phone_sip-t41p_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 45.06%
||
7 Day CHG~0.00%
Published-02 Sep, 2018 | 22:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-12253
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.17% / 63.55%
||
7 Day CHG~0.00%
Published-21 Sep, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_intelligence_centerCisco Unified Intelligence Center
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-7473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.61% / 45.06%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 14:21
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.

Action-Not Available
Vendor-windun/a
Product-windu_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15402
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.48% / 38.03%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 20:00
Updated-26 Nov, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to a malicious website. An exploit could allow the attacker to take actions within the software with the privileges of the targeted user or gain access to sensitive information.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_network_virtualization_softwareCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-14331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.52% / 40.51%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.

Action-Not Available
Vendor-xiaocmsn/a
Product-xiaocms_x1n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-15202
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 29.08%
||
7 Day CHG~0.00%
Published-08 Aug, 2018 | 04:00
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products.

Action-Not Available
Vendor-juunan06n/a
Product-ecommercen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-11646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.45% / 36.01%
||
7 Day CHG~0.00%
Published-28 Jul, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device.

Action-Not Available
Vendor-netcommn/a
Product-4gt101w_bootloader4gt101w_softwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-12584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.93% / 56.27%
||
7 Day CHG~0.00%
Published-06 Aug, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation.

Action-Not Available
Vendor-slimsn/a
Product-senayan_library_management_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1455
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.78% / 51.46%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.

Action-Not Available
Vendor-IBM Corporation
Product-tivoli_application_dependency_discovery_managerTivoli Application Dependency Discovery Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-12271
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.98% / 58.00%
||
7 Day CHG+0.28%
Published-19 Oct, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-spa500_firmwarespa300_firmwarespa500_series_ip_phonespa300_series_ip_phoneCisco SPA300 and SPA500 Series IP Phones
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-11680
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.51% / 39.47%
||
7 Day CHG~0.00%
Published-27 Jul, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.

Action-Not Available
Vendor-project_hashtopussyn/a
Product-hashtopussyn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-1194
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.88% / 54.64%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverIBM WebSphere Application Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-11567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-4.13% / 89.61%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.

Action-Not Available
Vendor-cesantan/a
Product-mongoose_embedded_web_server_libraryn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 49
  • 50
  • Next
Details not found