Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and earlier allows remote attackers to hijack the authentication of administrators via updating user’s ‘Basic Info’.
CWE-352
CVE-2019-5971
Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-5973
Cross-site request forgery (CSRF) vulnerability in Online Lesson Booking 0.8.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-5974
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-5979
Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-5980
Cross-site request forgery (CSRF) vulnerability in Related YouTube Videos versions prior to 1.9.9 allows remote attackers to hijack the authentication of administrators via unspecified vectors.