Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,313)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-48285 - - Apr 23, 2026 May 19, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage falang allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through <= 1.3.61.
CVE-2025-48284 - - Apr 23, 2026 May 19, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Cross Site Request Forgery.This issue affects Japanized For WooCommerce: from n/a through <= 2.6.40.
CVE-2025-48265 - - Apr 23, 2026 May 19, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce ymm-search allows Cross Site Request Forgery.This issue affects Year Make Model Search for WooCommerce: from n/a through...Show more Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce ymm-search allows Cross Site Request Forgery.This issue affects Year Make Model Search for WooCommerce: from n/a through <= 1.0.11.Show less
CVE-2025-48264 - - Apr 23, 2026 May 19, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia Product Code for WooCommerce product-code-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Code for WooCommerce: from n/a through...Show more Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia Product Code for WooCommerce product-code-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Code for WooCommerce: from n/a through <= 1.5.0.Show less
CVE-2025-48259 - - Apr 23, 2026 May 19, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España wp-mapa-politico-spain allows Cross Site Request Forgery.This issue affects WP Mapa Politico España: from n/a through <= 3.8.0.
CVE-2025-48255 1Videowhisper 1Videowhisper Live Streaming Integration Apr 23, 2026 May 19, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Cross Site Request Forgery.This issue affects Broadcast Live Video: from n/a through <=...Show more Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video videowhisper-live-streaming-integration allows Cross Site Request Forgery.This issue affects Broadcast Live Video: from n/a through <= 6.2.4.Show less
CVE-2025-48243 - - Apr 23, 2026 May 19, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in sminozzi reCAPTCHA for all recaptcha-for-all allows Cross Site Request Forgery.This issue affects reCAPTCHA for all: from n/a through <= 2.26.
CVE-2025-48238 - - Apr 23, 2026 May 19, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit awcode-toolkit allows Stored XSS.This issue affects AWcode Toolkit: from n/a through <= 1.0.18.
CVE-2025-48233 - - Apr 23, 2026 May 19, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration affiliates-manager-google-recaptcha-integration allows Stored XSS.This issue affects Affiliates Manager Google re...Show more Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration affiliates-manager-google-recaptcha-integration allows Stored XSS.This issue affects Affiliates Manager Google reCAPTCHA Integration: from n/a through <= 1.0.6.Show less
CVE-2025-4887 1Senior Walter 1Online Student Clearance System Jun 4, 2025 May 18, 2025 5.3 MEDIUM· v4 8.8 HIGH· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site reque...Show more A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-4194 - - May 19, 2025 May 17, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. Thi...Show more The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-4189 - - May 19, 2025 May 17, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-s...Show more The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-4363 1Cedcommerce 2Wholesale Market Wholesale Market For Woocommerce Jun 12, 2025 May 16, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in ad...Show more The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attackShow less
CVE-2025-48146 1Lupsonline 1Seo Flow Apr 23, 2026 May 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline lupsonline-link-netwerk allows Stored XSS.This issue affects SEO Flow by LupsOnline: from n/a through <= 2.2.1.
CVE-2025-48144 1Sidngr 1Import Export For Woocommerce Apr 23, 2026 May 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Stored XSS.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2.
CVE-2025-48115 - - Apr 23, 2026 May 16, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify validar-certificados-de-cursos allows Cross Site Request Forgery.This issue affects ValidateCertify: from n/a through <= 1.6.4.
CVE-2025-48114 - - Apr 23, 2026 May 16, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: from n/a through <= 1.9....Show more Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: from n/a through <= 1.9.1.Show less
CVE-2025-32310 - - Apr 23, 2026 May 16, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation.This issue affects QuickCal - Appointment Booking Calendar for WordP...Show more Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation.This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <= 1.0.15.Show less
CVE-2025-32245 - - Apr 23, 2026 May 16, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll featured-posts-scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through <= 1.25.
CVE-2025-31922 - - Apr 23, 2026 May 16, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Stored XSS.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.

Previous 1...717273...466 Next