Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.
Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.
Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielogórski Stop Referrer Spam plugin <= 1.3.0 versions.
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
The avada theme before 5.1.5 for WordPress has CSRF.
Cross-Site Request Forgery (CSRF) vulnerability in Creative Themes HQ Blocksy.This issue affects Blocksy: from n/a through 2.0.22.
Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions.
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajax_handle_delete_icons() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please not the CSRF was patched in 5.0.28, however, adequate directory traversal protection wasn't introduced until 5.0.30.
IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168.
Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro.This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8.
Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions.
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks.
Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions.
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions.
Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.
Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=act_add_member".
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0.3 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions.
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210.
Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com SEO Booster.This issue affects SEO Booster: from n/a through 3.8.9.
Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1].
Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin <= 1.3.8 versions.
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).
Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions.
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type.
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.This issue affects Wise Chat: from n/a through 3.1.3.
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions.
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.
Repetier Server through 1.4.10 does not have CSRF protection.