Total: 7595 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2039 | 1 Acobot Live Chat & Contact Form Project | 1 Acobot Live Chat & Contact Form | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php. | |||||
CVE-2014-9394 | 1 Pwgrandom Project | 1 Pwgrandom | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. | |||||
CVE-2014-5335 | 1 Innovaphone | 1 Innovaphone Pbx | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml. | |||||
CVE-2016-1167 | 1 Aterm | 2 Wg300hp, Wg300hp Firmware | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2016-6635 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. | |||||
CVE-2014-9368 | 1 Twitterdash Project | 1 Twitterdash | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash parameter in the twitterDash.php page to wp-admin/options-general.php. | |||||
CVE-2015-8152 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 8.5 HIGH | 8.0 HIGH |
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | |||||
CVE-2014-9129 | 1 Cminds | 1 Cm Download Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php. | |||||
CVE-2014-8073 | 1 Openmrs | 1 Openmrs | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form. | |||||
CVE-2013-2706 | 2 Rodrigo Polo, Wordpress | 2 Stream Video Player, Wordpress | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. | |||||
CVE-2015-7366 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script. | |||||
CVE-2015-5991 | 1 Philippine Long Distance Telephone | 4 Kasda Kw58293, Kasda Kw58293 Firmware, Speedsurf 504an and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings. | |||||
CVE-2014-9398 | 1 Twitter Liveblog Project | 1 Twitter Liveblog | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitter_username parameter in the twitter-liveblog.php page to wp-admin/options-general.php. | |||||
CVE-2016-2884 | 1 Ibm | 1 Forms Experience Builder | 2025-04-12 | 6.0 MEDIUM | 8.0 HIGH |
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
CVE-2015-4362 | 1 Tracking Code Project | 1 Tracking Code | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors. | |||||
CVE-2013-3257 | 1 Zemanta | 1 Related Posts | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors. | |||||
CVE-2015-3624 | 1 Ektron | 1 Ektron Content Management System | 2025-04-12 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action. | |||||
CVE-2015-4360 | 1 Registration Codes Project | 1 Registration Codes | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors. | |||||
CVE-2014-3881 | 1 Intercom | 1 Web Kyukincho | 2025-04-12 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2012-4921 | 1 Dvs Custom Notification Project | 1 Dvs Custom Notification | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks. |