A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp.
Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery.This issue affects CyberMath: from v1.4 before v1.5.
The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6.
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.
The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.
Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6.
Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds.This issue affects TerraClassifieds: from n/a through 2.0.3.
Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks – A Complete Gutenberg Page Builder.This issue affects Rise Blocks – A Complete Gutenberg Page Builder: from n/a through 3.1.
Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1.
A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests.
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page.
Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.This issue affects Split Test For Elementor: from n/a through 1.6.9.
Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6.
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level.
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5.
USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature.
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31.
Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve.This issue affects New User Approve: from n/a through 2.5.1.
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32.
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21.
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.
Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.
The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101.
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.
An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.
Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API.This issue affects MStore API: from n/a through 4.10.1.
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.
Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.
Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6.
A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument admin_name leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.