Total: 7603 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-9421 | 1 Olevmedia | 1 Olevmedia Shortcodes | 2024-11-21 | 6.5 Medium |
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. | ||||
CVE-2015-9418 | 1 Kibokolabs | 1 Watupro | 2024-11-21 | 4.3 Medium |
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. | ||||
CVE-2015-9417 | 1 Slidervilla | 1 Testimonial Slider | 2024-11-21 | 6.5 Medium |
The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. | ||||
CVE-2015-9413 | 1 Eshop Project | 1 Eshop | 2024-11-21 | 6.5 Medium |
The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter. | ||||
CVE-2015-9409 | 1 Alo-easymail Project | 1 Alo-easymail | 2024-11-21 | 6.5 Medium |
The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php. | ||||
CVE-2015-9408 | 1 Cyberseo | 1 Xpinner Lite | 2024-11-21 | 6.5 Medium |
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. | ||||
CVE-2015-9394 | 1 Usersultra | 1 Users Ultra Membership | 2024-11-21 | 8.8 High |
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. | ||||
CVE-2015-9388 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 6.5 Medium |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | ||||
CVE-2015-9387 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2024-11-21 | 6.5 Medium |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. | ||||
CVE-2015-9380 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
The photo-gallery plugin before 1.2.42 for WordPress has CSRF. | ||||
CVE-2015-9343 | 1 Impress | 1 Wp Rollback | 2024-11-21 | N/A |
The wp-rollback plugin before 1.2.3 for WordPress has CSRF. | ||||
CVE-2015-9332 | 1 Wordpress Uninstall Project | 1 Wordpress Uninstall | 2024-11-21 | N/A |
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI. | ||||
CVE-2015-9322 | 1 Erident Custom Login And Dashboard Project | 1 Erident Custom Login And Dashboard | 2024-11-21 | N/A |
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. | ||||
CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2024-11-21 | N/A |
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | ||||
CVE-2015-9284 | 1 Omniauth | 1 Omniauth | 2024-11-21 | 8.8 High |
The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account. | ||||
CVE-2015-8536 | 1 Lenovo | 1 Solution Center | 2024-11-21 | 8.8 High |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery. | ||||
CVE-2015-7610 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | ||||
CVE-2015-5686 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 8.8 High |
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. | ||||
CVE-2015-5595 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 6.5 Medium |
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption). | ||||
CVE-2015-5483 | 1 Private Only Project | 1 Private Only | 2024-11-21 | 8.8 High |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php. |