The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. T
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated a
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting m
The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This m
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple
A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick
The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV
A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and p
A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion
The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. Th
The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlle
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and t
Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft
AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft mali
Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unin
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_p
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafti