#csrf

Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.

A vulnerability has been found in phpipam and classified as problematic. Affected by this vulnerability is an unknown functionality of the file app/admin/import-export/import-load-data.php of the component Import Preview Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 22c797c3583001211fe7d31bccd3f1d4aeeb3bbc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-212863.

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator

A vulnerability, which was classified as problematic, was found in easyii CMS. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. VDB-212502 is the identifier assigned to this vulnerability.

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.