| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. |
| The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. |
| The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks. |
| The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. |
| The wp-members plugin before 3.2.8 for WordPress has CSRF. |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. |
| The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. |
| Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. |
| Discourse 2.3.2 sends the CSRF token in the query string. |
| MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. |
| openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. |
| The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field. |
| FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page. |
| rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. |
| In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. |
| iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user. |
| An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. |
| The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. |
| The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. |
