Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,308)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-54256 1Adobe 1Dreamweaver Sep 15, 2025 Sep 9, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...Show more Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must click on a malicious link, and scope is changed.Show less
CVE-2025-58997 - - Apr 23, 2026 Sep 9, 2025 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects Mow: from n/a through <= 4.10.
CVE-2025-58991 - - Apr 28, 2026 Sep 9, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.
CVE-2025-58975 - - Apr 23, 2026 Sep 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery.This issue affects Advanced Settings: from n/a through <= 3.1.1.
CVE-2025-8711 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allo...Show more CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute limited actions on behalf of the victim user. User interaction is required.Show less
CVE-2025-55147 1Ivanti 4Connect Secure Neurons For Secure AccessPolicy Secure+1 more Sep 24, 2025 Sep 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allo...Show more CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is requiredShow less
CVE-2025-42923 - - Sep 9, 2025 Sep 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no...Show more Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.Show less
CVE-2024-48341 1Geeeeeeeek 1Dingfanzu Sep 18, 2025 Sep 8, 2025 N/A· v4 3.7 LOW· v3 N/A· v2 dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop
CVE-2025-48104 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player floating-window-music-player allows Stored XSS.This issue affects Floating Window Music Player: from n/a through <= 3.4.2.
CVE-2025-27003 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <= 5.7.46.
CVE-2025-58878 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a through <= 1.0.0.
CVE-2025-58869 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through <= 1.3.2.
CVE-2025-58865 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Admin compact-admin allows Cross Site Request Forgery.This issue affects Compact Admin: from n/a through <= 1.3.3.
CVE-2025-58861 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through <= 1.4.9.
CVE-2025-58860 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Enable Latex enable-latex allows Stored XSS.This issue affects Enable Latex: from n/a through <= 1.2.16.
CVE-2025-58859 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Add to Feedly add-to-feedly allows Stored XSS.This issue affects Add to Feedly: from n/a through <= 1.2.11.
CVE-2025-58856 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Notify Updated Product woocommerce-notify-updated-product allows Stored XSS.This issue affects Woocommerce Notify Updated Product: from n/a throug...Show more Cross-Site Request Forgery (CSRF) vulnerability in ablancodev Woocommerce Notify Updated Product woocommerce-notify-updated-product allows Stored XSS.This issue affects Woocommerce Notify Updated Product: from n/a through <= 1.6.Show less
CVE-2025-58854 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login ultimate-ajax-login allows Reflected XSS.This issue affects Ultimate AJAX Login: from n/a through <= 1.2.1.
CVE-2025-58853 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a thro...Show more Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through <= 1.27.Show less
CVE-2025-58852 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Mark O'Donnell MSTW League Manager mstw-league-manager allows Stored XSS.This issue affects MSTW League Manager: from n/a through <= 2.10.

Previous 1...525354...466 Next