Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,313)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-31921 - - Apr 23, 2026 May 16, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder WP_UltimateToursBuilder allows Cross Site Request Forgery.This issue affects WP Ultimate Tours Builder: from n/a through <= 1.055.
CVE-2025-31915 - - Apr 23, 2026 May 16, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin...Show more Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through <= 1.0.3.Show less
CVE-2025-31639 - - Apr 28, 2026 May 16, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.
CVE-2025-31068 - - Apr 28, 2026 May 16, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.
CVE-2025-2247 1Mantus667 1Wp Pmanager Jun 4, 2025 May 15, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2025-1288 1Bulktheme 1Wooexim Jun 12, 2025 May 15, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XS...Show more The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack.Show less
CVE-2024-9711 1Lukashuser 1Ekc Tournament Manager May 28, 2025 May 15, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-9709 1Lukashuser 1Ekc Tournament Manager May 28, 2025 May 15, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-9450 1Syntacticsinc 1Easync Jan 23, 2026 May 15, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber cha...Show more The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attackShow less
CVE-2024-9233 1Gsplugins 1Logo Slider Jun 4, 2025 May 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8398 1Philipwalton 1Simple Nav Archives Jun 12, 2025 May 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Simple Nav Archives WordPress plugin through 2.1.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8286 1Webtoffee 1Gdpr Cookie Consent Jun 12, 2025 May 15, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs v...Show more The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacksShow less
CVE-2024-8245 1Gamipress 1Gamipress Reset User Jun 12, 2025 May 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8094 1Ionutstaicu 1Ntz Atispam May 27, 2025 May 15, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8090 1Justintadlock 1Javascript Logic May 27, 2025 May 15, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via...Show more The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2024-8085 1Solidcode 1Peoplepond Jun 12, 2025 May 15, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CS...Show more The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2024-8082 1Justintadlock 1Widgets Reset Jun 12, 2025 May 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8050 1Jfarthing 1Custom Author Base Jun 12, 2025 May 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8032 1Ulfbenjaminsson 1Smooth Gallery Replacement Jun 12, 2025 May 15, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS pay...Show more The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2024-7984 1Ultimatewpsms 1Joy Of Text Jun 11, 2025 May 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Previous 1...727374...466 Next