Total
8615 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36740 | 1 Radio Buttons For Taxonomies Project | 1 Radio Buttons For Taxonomies | 2024-11-21 | 4.3 Medium |
| The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2020-36633 | 1 Moodle-block Sitenews Project | 1 Moodle-block Sitenews | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879. | ||||
| CVE-2020-36625 | 1 Destiny | 1 Chat | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2020-36505 | 1 Delete All Comments Easily Project | 1 Delete All Comments Easily | 2024-11-21 | 6.5 Medium |
| The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog. | ||||
| CVE-2020-36504 | 1 Wp-pro-quiz Project | 1 Wp-pro-quiz | 2024-11-21 | 6.5 Medium |
| The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog | ||||
| CVE-2020-36389 | 1 Civicrm | 1 Civicrm | 2024-11-21 | 4.3 Medium |
| In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. | ||||
| CVE-2020-36334 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-11-21 | 8.8 High |
| themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | ||||
| CVE-2020-36283 | 1 Hidglobal | 4 Omnikey 5127, Omnikey 5127 Firmware, Omnikey 5427 and 1 more | 2024-11-21 | 9.6 Critical |
| HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. | ||||
| CVE-2020-36247 | 1 Osc | 1 Open Ondemand | 2024-11-21 | 8.8 High |
| Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. | ||||
| CVE-2020-36191 | 1 Jupyter | 1 Jupyterhub | 2024-11-21 | 4.5 Medium |
| JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account). | ||||
| CVE-2020-36174 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 6.5 Medium |
| The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. | ||||
| CVE-2020-36140 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 6.5 Medium |
| BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely). | ||||
| CVE-2020-35972 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 Medium |
| An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html. | ||||
| CVE-2020-35950 | 1 Xcloner | 1 Xcloner | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). | ||||
| CVE-2020-35944 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 8.8 High |
| An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. | ||||
| CVE-2020-35943 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) | ||||
| CVE-2020-35942 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) | ||||
| CVE-2020-35778 | 1 Netgear | 4 Gs716t, Gs716t Firmware, Gs724t and 1 more | 2024-11-21 | 4.3 Medium |
| Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. | ||||
| CVE-2020-35773 | 1 Freehtmldesigns | 1 Site Offline | 2024-11-21 | 8.8 High |
| The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. | ||||
| CVE-2020-35759 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 6.5 Medium |
| bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). | ||||