Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,311)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-7684 - - Aug 18, 2025 Aug 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_ar...Show more The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_artwork.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-7683 - - Aug 18, 2025 Aug 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes i...Show more The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-7668 - - Aug 18, 2025 Aug 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugi...Show more The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-49895 - - Apr 28, 2026 Aug 16, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.
CVE-2025-7688 - - Aug 15, 2025 Aug 15, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes...Show more The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-8992 1Mtons 1Mblog Apr 29, 2026 Aug 15, 2025 2.1 LOW· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has...Show more A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-54732 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Cross Site Request Forgery.This issue affects WPDM – Premium Packages: from n/a through <= 6.0.2.
CVE-2025-54728 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Cross Site Request Forgery.This issue affects CM On Demand Search And Repla...Show more Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Cross Site Request Forgery.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.2.Show less
CVE-2025-53587 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery.This issue affects Findgo: from n/a through <= 1.3.57.
CVE-2025-53347 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3.
CVE-2025-53249 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through <= 1.0.23.
CVE-2025-53219 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools wp-database-optimizer-tools allows Cross Site Request Forgery.This issue affects WP-Database-Optimizer-Tools: from n/a through <= 0.2.
CVE-2025-52797 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection.This issue affects StoryMap: from n/a through <= 2.1.
CVE-2025-52769 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery flexo-social-gallery allows Cross Site Request Forgery.This issue affects flexo-social-gallery: from n/a through <= 1.0006.
CVE-2025-52767 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery.This issue affects NetInsight Analytics...Show more Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3.Show less
CVE-2025-52765 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS.This issue affects NetInsight Analytics Implementation P...Show more Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3.Show less
CVE-2024-53946 - - Aug 15, 2025 Aug 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthor...Show more The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes.Show less
CVE-2025-54703 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery.This issue affects Integrate Google Drive: from n/a through <= 1.5.2.
CVE-2025-54702 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store ebook-store allows Cross Site Request Forgery.This issue affects Ebook Store: from n/a through <= 5.8013.
CVE-2025-54694 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through <= 1.2.0.

Previous 1...575859...466 Next