Total
6084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15781 | 1 Weblizar | 1 Social Likebox \& Feed | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. | |||||
| CVE-2019-15779 | 1 Quadlayers | 1 Wp Social Feed Gallery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. | |||||
| CVE-2019-15770 | 1 Hallme | 1 Woocommerce Address Book | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. | |||||
| CVE-2019-15769 | 1 Haktansuren | 1 Handl Utm Grabber | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. | |||||
| CVE-2019-15660 | 1 Butlerblog | 1 Wp-members | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-members plugin before 3.2.8 for WordPress has CSRF. | |||||
| CVE-2019-15648 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. | |||||
| CVE-2019-15645 | 1 Zoho | 1 Salesiq | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. | |||||
| CVE-2019-15515 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Discourse 2.3.2 sends the CSRF token in the query string. | |||||
| CVE-2019-15496 | 1 Manageyourteam | 1 Myt Project Management | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | |||||
| CVE-2019-15491 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. | |||||
| CVE-2019-15329 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. | |||||
| CVE-2019-15238 | 1 Cformsii Project | 1 Cformsii | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. | |||||
| CVE-2019-15229 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. | |||||
| CVE-2019-15150 | 1 Schine.games | 1 Mw-oauth2client | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. | |||||
| CVE-2019-15128 | 1 If.svnadmin Project | 1 If.svnadmin | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. | |||||
| CVE-2019-15115 | 1 Profilepress | 1 Loginwp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | |||||
| CVE-2019-15114 | 1 Ncrafts | 1 Formcraft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. | |||||
| CVE-2019-15113 | 1 Codeermeneer | 1 Companion Sitemap Generator | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. | |||||
| CVE-2019-15089 | 1 Prise | 1 Adas | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. | |||||
| CVE-2019-15062 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.) | |||||