Total
7956 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0920 | 1 Banner Effect Header Project | 1 Banner Effect Header | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. | ||||
| CVE-2015-0905 | 1 Bblog Project | 1 Bblog | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in bBlog allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-0807 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-04-12 | N/A |
| The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. | ||||
| CVE-2015-0542 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2015-0541 | 1 Rsa | 1 Web Threat Detection | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2012-4921 | 1 Dvs Custom Notification Project | 1 Dvs Custom Notification | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks. | ||||
| CVE-2015-3367 | 1 Patterns | 1 Patterns | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors. | ||||
| CVE-2015-3363 | 1 Joshics | 1 Contact Form Fields | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors. | ||||
| CVE-2015-0145 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | ||||
| CVE-2015-3354 | 1 Wishlist Project | 1 Wishlist | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors. | ||||
| CVE-2015-3352 | 1 Jammer Project | 1 Jammer | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecified vectors, related to "report administration." | ||||
| CVE-2014-9587 | 1 Roundcube | 1 Webmail | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins. | ||||
| CVE-2014-9525 | 1 Timed Popup Project | 1 Timed Popup | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. | ||||
| CVE-2014-9524 | 1 Facebook Like Box Project | 1 Facebook Like Box | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php. | ||||
| CVE-2015-3351 | 1 Log Watcher Project | 1 Log Watcher | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable, (2) disable, or (3) delete a report via unspecified vectors. | ||||
| CVE-2014-9510 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | ||||
| CVE-2014-9460 | 1 Justin Klein | 1 Wp-vipergb | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. | ||||
| CVE-2015-3350 | 1 Todo Filter Project | 1 Todo Filter | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors. | ||||
| CVE-2014-9454 | 1 Simple Sticky Footer Project | 1 Simple Sticky Footer | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. | ||||
| CVE-2015-3349 | 1 Htaccess Project | 1 Htaccess | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) deploy or (2) delete an .htaccess file via unspecified vectors. | ||||