The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
CWE-352
CVE-2018-20972
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.
CVE-2018-20974
The js-jobs plugin before 1.0.7 for WordPress has CSRF.
CVE-2018-20872
DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, an issue related to CVE-2017-11649.
CVE-2018-20848
Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
CVE-2018-20816
A combined XSS and CSRF vulnerability in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the “add dashboard pages” feature, where users can be attacked through a phished URL that causes script to be executed.