Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,308)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-58792 - - Apr 23, 2026 Sep 5, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List authors-list allows Cross Site Request Forgery.This issue affects Authors List: from n/a through <= 2.0.6.2.
CVE-2025-9616 - - Sep 4, 2025 Sep 4, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This m...Show more The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset cookie time settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-20326 1Cisco 1Unified Communications Manager Sep 10, 2025 Sep 3, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated, remote at...Show more A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.Show less
CVE-2025-58611 - - Apr 23, 2026 Sep 3, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera tickera-event-ticketing-system allows Cross Site Request Forgery.This issue affects Tickera: from n/a through <= 3.5.5.6.
CVE-2025-58272 - - Sep 4, 2025 Sep 3, 2025 2.0 LOW· v4 3.7 LOW· v3 N/A· v2 Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.
CVE-2025-0610 - - Jun 6, 2026 Sep 1, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12.
CVE-2025-9747 1Benjaminjonard 1Koillection Apr 29, 2026 Aug 31, 2025 2.1 LOW· v4 8.8 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack...Show more A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 9ab8562d3f1e953da93fed63f9ee802c7ea26a9a. It is suggested to upgrade the affected component. The vendor explains: "I ended up switching to a newer CSRF handling using stateless token."Show less
CVE-2025-9618 - - Sep 2, 2025 Aug 30, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionalit...Show more The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-9374 - - Aug 29, 2025 Aug 29, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes...Show more The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-48363 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert cf7-sweet-alert-popup allows Cross Site Request Forgery.This issue affects Popup for CF7 with Sweet Alert: from n/a through <=...Show more Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert cf7-sweet-alert-popup allows Cross Site Request Forgery.This issue affects Popup for CF7 with Sweet Alert: from n/a through <= 1.6.5.Show less
CVE-2025-48362 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery.This issue affects Hesabfa Accounting: from n/a through <= 2.2.5.
CVE-2025-48359 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget att-youtube allows Stored XSS.This issue affects ATT YouTube Widget: from n/a through <= 1.0.
CVE-2025-48357 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit century-toolkit allows Cross Site Request Forgery.This issue affects Century ToolKit: from n/a through <= 1.2.1.
CVE-2025-48353 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin (Niche Storefront): from...Show more Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin (Niche Storefront): from n/a through <= 1.3.5.Show less
CVE-2025-48351 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen kento-splash-screen allows Stored XSS.This issue affects Kento Splash Screen: from n/a through <= 1.4.
CVE-2025-48343 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication wpmuldap allows Stored XSS.This issue affects WPMU Ldap Authentication: from n/a through <= 5.0.1.
CVE-2025-48325 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme wp-admin-theme allows Stored XSS.This issue affects WP Admin Theme: from n/a through <= 1.0.
CVE-2025-48321 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget ultimate-twitter-profile-widget allows Stored XSS.This issue affects Ultimate twitter profile widget: from n/a through <= 1.0.
CVE-2025-48320 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 baidushare-wp allows Stored XSS.This issue affects 百度分享按钮: from n/a through <= 1.0.6.
CVE-2025-48318 - - Apr 23, 2026 Aug 28, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery.This issue affects 多说社会化评论框: from n/a through <= 1.2.

Previous 1...545556...466 Next