• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-352

CVE-2020-36174

February 26, 2023 by

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.

CVE-2020-36191

February 26, 2023 by

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

CVE-2020-36140

February 26, 2023 by

BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via ‘mode=settings&page=editor’, as demonstrated by use of ‘mode=settings&page=editor’ to change any file content (Locally/Remotely).

CVE-2020-35950

February 26, 2023 by

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).

CVE-2020-35972

February 26, 2023 by

An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.

CVE-2020-35942

February 26, 2023 by

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 120
  • Go to page 121
  • Go to page 122
  • Go to page 123
  • Go to page 124
  • Interim pages omitted …
  • Go to page 424
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE