Total
8514 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18607 | 1 Theme-fusion | 1 Avada | 2024-11-21 | 8.8 High |
| The avada theme before 5.1.5 for WordPress has CSRF. | ||||
| CVE-2017-18569 | 1 Mythemeshop | 1 My Wp Translate | 2024-11-21 | N/A |
| The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. | ||||
| CVE-2017-18547 | 1 Neliosoftware | 1 Nelio Ab Testing | 2024-11-21 | N/A |
| The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. | ||||
| CVE-2017-18546 | 1 Jayj Quicktag Project | 1 Jayj Quicktag | 2024-11-21 | N/A |
| The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. | ||||
| CVE-2017-18544 | 1 Invite Anyone Project | 1 Invite Anyone | 2024-11-21 | N/A |
| The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. | ||||
| CVE-2017-18523 | 1 Eelv Newsletter Project | 1 Eelv Newsletter | 2024-11-21 | N/A |
| The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. | ||||
| CVE-2017-18521 | 1 Wp-kama | 1 Democracy Poll | 2024-11-21 | N/A |
| The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n. | ||||
| CVE-2017-18513 | 1 Expresstech | 1 Responsive Menu | 2024-11-21 | N/A |
| The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. | ||||
| CVE-2017-18512 | 1 Supsystic | 1 Newsletter By Supsystic | 2024-11-21 | N/A |
| The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. | ||||
| CVE-2017-18511 | 1 Wpmudev | 1 Custom Sidebars | 2024-11-21 | N/A |
| The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. | ||||
| CVE-2017-18510 | 1 Wpmudev | 1 Custom Sidebars | 2024-11-21 | N/A |
| The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. | ||||
| CVE-2017-18504 | 1 Wpdeveloper | 1 Twitter Cards Meta | 2024-11-21 | N/A |
| The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. | ||||
| CVE-2017-18485 | 1 Elementalpath | 2 Cognitoys Dino, Cognitoys Dino Firmware | 2024-11-21 | N/A |
| Cognitoys Dino devices allow profiles_add.html CSRF. | ||||
| CVE-2017-18366 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | N/A |
| Subrion CMS 4.1.5 has CSRF in blog/delete/. | ||||
| CVE-2017-18107 | 1 Atlassian | 1 Crowd | 2024-11-21 | 6.5 Medium |
| Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default. | ||||
| CVE-2017-18080 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2017-18042 | 1 Atlassian | 1 Bamboo | 2024-11-21 | N/A |
| The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2017-18033 | 1 Atlassian | 1 Jira | 2024-11-21 | N/A |
| The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | ||||
| CVE-2017-17835 | 1 Apache | 1 Airflow | 2024-11-21 | N/A |
| In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. | ||||
| CVE-2017-17550 | 1 Zyxel | 2 Zywall Usg 100, Zywall Usg 100 Firmware | 2024-11-21 | N/A |
| ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. | ||||