Medium
CVE-2023-25443
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 40/80 • 9570 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9570 CVEs for this tag (all time). In the last 365 days, 1404 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2023-07-11
Medium
CVE-2023-24417
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.
Medium
CVE-2023-35780
Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions.
Medium
CVE-2023-35778
Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
Medium
CVE-2023-35047
Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions.
Medium
CVE-2023-34185
Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.
High
CVE-2023-23671
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.
Medium
CVE-2023-36687
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions.
Medium
CVE-2023-37391
Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.
Medium
CVE-2023-36693
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions.
High
CVE-2022-29561
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1…
Medium
CVE-2023-36517
Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
Medium
CVE-2023-35913
Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions.
Medium
CVE-2023-35774
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions.
Medium
CVE-2023-34015
Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions.
Medium
CVE-2023-35781
Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions.
Medium
CVE-2023-25487
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions.
Medium
CVE-2023-25468
Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.
Medium
CVE-2023-25051
Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions.
Medium
CVE-2023-24421
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions.
Medium
CVE-2023-23997
Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions.
Medium
CVE-2023-23731
Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.
Medium
CVE-2023-23704
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions.
Medium
CVE-2022-45823
Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions.
Medium
CVE-2023-23803
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions.
Medium
CVE-2023-23791
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions.
Medium
CVE-2023-23792
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.
High
CVE-2023-2079
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and w…
2023-07-10
Critical
CVE-2023-37277
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipa…
Medium
CVE-2023-3579
A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cr…
Medium
CVE-2023-37392
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.
Medium
CVE-2023-36691
Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions.
Medium
CVE-2023-35912
Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions.
Medium
CVE-2023-2495
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to…
Medium
CVE-2023-28995
Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions.
Medium
CVE-2023-28989
Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.
Medium
CVE-2023-28986
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.
Medium
CVE-2023-25478
Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions.
Medium
CVE-2023-24405
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
Medium
CVE-2023-24395
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions.
Medium
CVE-2023-23993
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions.
Medium
CVE-2023-23897
Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.
Medium
CVE-2023-23869
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions.
Medium
CVE-2023-23804
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions.
Medium
CVE-2023-23787
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.
Medium
CVE-2023-22695
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.
Medium
CVE-2023-22694
Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions.
Medium
CVE-2023-22673
Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions.
High
CVE-2023-1597
The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users…
2023-07-07
Medium
CVE-2023-20180
A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulne…
Medium
CVE-2023-36256
The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a…
High
CVE-2023-25201
Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.
High
CVE-2023-35120
PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on th…
2023-07-06
Medium
CVE-2023-37131
A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.
2023-07-05
Medium
CVE-2023-30607
icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user i…
2023-07-03
High
CVE-2023-36162
Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.
2023-07-01
Medium
CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosu…
Medium
CVE-2021-4404
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajax…
Medium
CVE-2021-4403
The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() functi…
Medium
CVE-2021-4402
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_i…
High
CVE-2021-4401
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_style…
Medium
CVE-2021-4400
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process…
Medium
CVE-2021-4399
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the user_data_synch…
Medium
CVE-2021-4398
The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at…
Medium
CVE-2021-4397
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCust…
Medium
CVE-2021-4396
The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() func…
Medium
CVE-2021-4395
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validat…
Medium
CVE-2020-36749
The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomF…
Medium
CVE-2020-36748
The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() f…
Medium
CVE-2020-36747
The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the m…
Medium
CVE-2020-36746
The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta…
Medium
CVE-2021-4394
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields()…
Medium
CVE-2021-4393
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce…
Medium
CVE-2021-4392
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce…
Medium
CVE-2021-4391
The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation…
Medium
CVE-2021-4390
The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_…
Medium
CVE-2021-4389
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() fu…
Medium
CVE-2020-36745
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates…
Medium
CVE-2020-36744
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conver…
Medium
CVE-2020-36743
The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the imple…
Medium
CVE-2020-36742
The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_me…
Medium
CVE-2020-36741
The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment()…
Medium
CVE-2020-36740
The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the…
Medium
CVE-2021-4387
The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_f…
Medium
CVE-2021-4386
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() f…
Medium
CVE-2021-4385
The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_gr…
Medium
CVE-2021-4384
The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validat…
Medium
CVE-2020-36739
The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incor…
Medium
CVE-2020-36738
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce…
Medium
CVE-2020-36737
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation…
Medium
CVE-2020-36736
The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect n…
Medium
CVE-2020-36735
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6…
2023-06-28
Medium
CVE-2023-3407
The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails.…
Medium
CVE-2023-3427
The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_cu…
2023-06-27
Medium
CVE-2020-18409
Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.
Medium
CVE-2020-18416
An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment informatio…
High
CVE-2020-18418
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
Medium
CVE-2023-34839
A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application.
High
CVE-2023-2842
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack
High
CVE-2023-2628
The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwante…
Medium
CVE-2023-2627
The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks inclu…
Critical
CVE-2023-2601
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
Medium
CVE-2023-2326
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which c…
Medium
CVE-2023-3411
The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missin…
2023-06-23
High
CVE-2023-36345
A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.
High
CVE-2023-35157
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a spec…
2023-06-22
Medium
CVE-2023-34028
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions.
Medium
CVE-2023-34927
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's…
High
CVE-2023-32960
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).
Medium
CVE-2023-35917
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
High
CVE-2023-23795
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions.
2023-06-21
High
CVE-2022-3372
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the…
2023-06-20
High
CVE-2023-2533
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute a…
High
CVE-2020-21366
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.
High
CVE-2020-21252
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
High
CVE-2020-20726
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
Medium
CVE-2020-20502
Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function.
Medium
CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php…
2023-06-19
Medium
CVE-2023-34373
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
2023-06-15
High
CVE-2023-27634
Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.