Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,313)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-52772 - - Apr 28, 2026 Jun 20, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.
CVE-2025-52711 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through...Show more Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.Show less
CVE-2025-50044 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Cross Site Request Forgery.This issue affects Real Estate Manager: from n/a through <= 7.3.
CVE-2025-50036 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Cross Site Request Forgery.This issue affects Mailing Group Listserv: from n/a through <= 3.0.5.
CVE-2025-49977 - - Apr 28, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Cross Site Request Forgery.This issue affects WP Inventory Manager: from n/a through <= 2.3.4.
CVE-2025-49975 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.4.0.
CVE-2025-49972 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy tm-replace-howdy allows Cross Site Request Forgery.This issue affects TM Replace Howdy: from n/a through <= 1.4.2.
CVE-2025-49968 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget oganro-reservation-widget allows Cross Site Request Forgery.This issue affects XML Travel Portal Widget: from n/a through <= 2.0.
CVE-2025-49967 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder live-sports-streamthunder allows Cross Site Request Forgery.This issue affects Live Sports Streamthunder: from n/a through <= 2.1.
CVE-2025-49966 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API oganro-travel-portal-search-widget-for-hotelbeds-apitude-api allows Cross Site Request Forgery.This i...Show more Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API oganro-travel-portal-search-widget-for-hotelbeds-apitude-api allows Cross Site Request Forgery.This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through <= 1.0.Show less
CVE-2025-49965 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine pixelbeds-channel-manager-booking-engine allows Cross Site Request Forgery.This issue affects PixelBeds Channel...Show more Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine pixelbeds-channel-manager-booking-engine allows Cross Site Request Forgery.This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through <= 1.0.Show less
CVE-2025-49964 - - Apr 23, 2026 Jun 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink cliplink allows Cross Site Request Forgery.This issue affects ClipLink: from n/a through <= 1.1.
CVE-2025-6341 1Fabian 1School Fees Payment System Apr 29, 2026 Jun 20, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initia...Show more A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-6284 1Phpgurukul 1Car Rental Portal Apr 29, 2026 Jun 19, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiat...Show more A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-54172 1Ibm 2Sterling B2b Integrator Sterling File Gateway Jul 25, 2025 Jun 18, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorize...Show more IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.Show less
CVE-2025-49865 - - Apr 23, 2026 Jun 17, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery.This issue affects Advanced Settings: from n/a through <= 3.0.1.
CVE-2025-49856 - - Apr 23, 2026 Jun 17, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Cross Site Request Forgery.This issue affects Responsive Plus: from n/a through <= 3.2.2.
CVE-2025-48111 - - Jun 17, 2025 Jun 17, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a throug...Show more Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.Show less
CVE-2025-6106 172crm 1Wukong Crm Apr 29, 2026 Jun 16, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request for...Show more A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-6105 1Jflyfox 1Jfinal Cms Apr 29, 2026 Jun 16, 2025 2.1 LOW· v4 8.8 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request...Show more A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less

Previous 1...656667...466 Next