RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions.
Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3.
Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.
Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.
Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.
Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator, (2) perform cross-site scripting (XSS), (3) perform SQL injection, or have other unspecified impact via unknown vectors.
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.
JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.
Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.
A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account.
Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed.
PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0.
A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.
Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0.
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408.
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69.
Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15.
Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0.
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Staff VOD Infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through 1.5.7.
Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4.
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function.
Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions.
Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the users' profile information page. Users who are attacked with this vulnerability will be forced to modify their enrolled information, such as email and mobile phone, unintentionally. Attackers could use the reset password function and control the system to send the authentication code back to the channel that the attackers own.
In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).
Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.