Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,311)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-54682 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms an...Show more Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4.Show less
CVE-2025-54675 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through <= 1.48.0.
CVE-2025-54674 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooComm...Show more Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through <= 1.4.4.Show less
CVE-2025-54673 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.5.3.
CVE-2025-54672 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through <= 6.4.3.
CVE-2025-54671 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik oik allows Cross Site Request Forgery.This issue affects oik: from n/a through <= 4.15.2.
CVE-2025-49044 - - Apr 23, 2026 Aug 14, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS.This issue affects Simple Poll: from n/a through <= 1.1.1.
CVE-2025-8891 1Oceanwp 1Oceanwp Dec 18, 2025 Aug 13, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it po...Show more The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-8491 - - Aug 13, 2025 Aug 13, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_men...Show more The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-49555 1Adobe 3Commerce Commerce B2bMagento Aug 15, 2025 Aug 12, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-pr...Show more Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.Show less
CVE-2025-7965 - - Jan 9, 2026 Aug 11, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2025-8814 1Pybbs Project 1Pybbs Apr 29, 2026 Aug 10, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-...Show more A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue.Show less
CVE-2025-8739 1Zhenfeng13 1My Blog Apr 29, 2026 Aug 8, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-...Show more A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2020-9322 - - Aug 8, 2025 Aug 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflect...Show more The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.Show less
CVE-2025-7202 - - Aug 6, 2025 Aug 6, 2025 5.1 MEDIUM· v4 N/A· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controlles the victim's lights.
CVE-2025-5988 - - Aug 5, 2025 Aug 4, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.
CVE-2025-8505 - - Apr 29, 2026 Aug 3, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forg...Show more A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.Show less
CVE-2025-54782 1Nestjs 1Devtools Integration Oct 9, 2025 Aug 2, 2025 9.4 CRITICAL· v4 8.8 HIGH· v3 N/A· v2 Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. Wh...Show more Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper sandboxing and missing cross-origin protections, any malicious website visited by a developer can execute arbitrary code on their local machine. The package adds HTTP endpoints to a locally running NestJS development server. One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. This is fixed in version 0.2.1.Show less
CVE-2025-50847 1Cs Cart 1Cs Cart Aug 6, 2025 Jul 31, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.
CVE-2025-8335 1Code Projects 1Simple Car Rental System Apr 29, 2026 Jul 30, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the a...Show more A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less

Previous 1...585960...466 Next