The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.
CWE-352
CVE-2019-14681
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
CVE-2019-14682
The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.
CVE-2019-14683
The codection “Import users from CSV with meta” plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
CVE-2019-14703
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create an admin account.
CVE-2019-14551
Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.