• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2020-36504

February 26, 2023 by

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog

CVE-2020-36505

February 26, 2023 by

The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.

CVE-2020-36334

February 26, 2023 by

themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.

CVE-2020-36389

February 26, 2023 by

In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.

CVE-2020-36283

February 26, 2023 by

HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2020-36247

February 26, 2023 by

Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 119
  • Go to page 120
  • Go to page 121
  • Go to page 122
  • Go to page 123
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE