CWE-352

CVE-2022-2762

February 23, 2023 by godfreyd94

The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin’s note, allowing attackers to make a logged in admin update their notes via a CSRF attack

CVE-2022-27340

February 23, 2023 by godfreyd94

MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.

CVE-2022-27374

February 23, 2023 by godfreyd94

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.

CVE-2022-27375

February 23, 2023 by godfreyd94

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.

CVE-2022-27432

February 23, 2023 by godfreyd94

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.

Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page.