Total
7649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38342 | 1 Kylephillips | 1 Nested Pages | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata. | |||||
| CVE-2021-37725 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 8.8 HIGH | 8.1 HIGH |
| A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | |||||
| CVE-2021-37381 | 1 Southsoft | 1 Graduate Management Information System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/(S([1]))/student/grgl/PotoImageShow/?bh=[2]. Among them, the code in [1] is a random string generated according to the user's login related information. It can protect the user's identity, but it can not effectively prevent unauthorized access. The code in [2] is the student number of any student. The attacker can carry out CSRF attack on the system by modifying [2] without modifying [1]. | |||||
| CVE-2021-37366 | 1 Ctparental Project | 1 Ctparental | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users. | |||||
| CVE-2021-37201 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link. | |||||
| CVE-2021-36915 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | N/A | 4.2 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on. | |||||
| CVE-2021-36914 | 1 Claderaform | 1 Calderawp License Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | |||||
| CVE-2021-36908 | 1 Webfactoryltd | 1 Wp Reset Pro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions. | |||||
| CVE-2021-36891 | 1 Supsystic | 1 Photo Gallery | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | |||||
| CVE-2021-36890 | 1 Supsystic | 1 Social Share Buttons | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. | |||||
| CVE-2021-36887 | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr Project | 1 Tarteaucitron.js - Cookies Legislation \& Gdpr | 2024-11-21 | 6.8 MEDIUM | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass". | |||||
| CVE-2021-36886 | 1 Ciphercoin | 1 Contact Form 7 Database Addon | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9). | |||||
| CVE-2021-36878 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. | |||||
| CVE-2021-36877 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. | |||||
| CVE-2021-36876 | 1 Stylemixthemes | 1 Ulisting | 2024-11-21 | 6.8 MEDIUM | 5.4 MEDIUM |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. | |||||
| CVE-2021-36861 | 1 Starfish | 1 Rich Review | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews. | |||||
| CVE-2021-36855 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | |||||
| CVE-2021-36854 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | |||||
| CVE-2021-36852 | 1 Thimpress | 1 Wp Hotel Booking | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | |||||
| CVE-2021-36850 | 1 Meowapps | 1 Media File Renamer - Auto \& Manual Rename | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. | |||||