Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,313)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-26748 - - Apr 23, 2026 Apr 15, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This issue affects Arkhe: from n/a through <= 3.12.0.
CVE-2025-21576 1Oracle 1Commerce Platform Apr 17, 2025 Apr 15, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability...Show more Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).Show less
CVE-2025-24358 - - May 1, 2025 Apr 15, 2025 5.4 MEDIUM· v4 N/A· v3 N/A· v2 gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its va...Show more gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for "server" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2.Show less
CVE-2025-30965 - - Apr 28, 2026 Apr 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a.
CVE-2025-27009 - - Apr 23, 2026 Apr 14, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.33.
CVE-2025-3561 1Ghostxbh 1Uzy Ssm Mall Oct 10, 2025 Apr 14, 2025 5.3 MEDIUM· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack...Show more A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-3557 1Scriptandtools 1Ecommerce Website In Php Jul 17, 2025 Apr 14, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forg...Show more A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-13338 1Cm Wp 1Clearfy Jul 8, 2025 Apr 12, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or inco...Show more The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-13337 1Cm Wp 1Clearfy Jul 8, 2025 Apr 12, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or inco...Show more The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-2871 - - Apr 15, 2025 Apr 12, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_no...Show more The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-32282 - - Apr 23, 2026 Apr 10, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through <= 3.2.3.
CVE-2025-26902 1Brizy 1Brizy Apr 28, 2026 Apr 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1.
CVE-2025-3131 1Drupal 1Eca\ Apr 22, 2025 Apr 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before...Show more Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*.Show less
CVE-2025-32679 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 user-registration-using-contact-form-7 allows Cross Site Request Forgery.This issue affects User Registration Using Con...Show more Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 user-registration-using-contact-form-7 allows Cross Site Request Forgery.This issue affects User Registration Using Contact Form 7: from n/a through <= 2.4.Show less
CVE-2025-32678 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats wp-show-stats allows Cross Site Request Forgery.This issue affects WP Show Stats: from n/a through <= 1.5.
CVE-2025-32673 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir epeken-all-kurir allows Stored XSS.This issue affects Epeken All Kurir: from n/a through <= 2.0.6.
CVE-2025-32669 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Stored XSS.This issue affects Mergado Pack: from n/a through <= 4.2.1.
CVE-2025-32667 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through <= 2.5.1.
CVE-2025-32664 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities nepali-date-utilities allows Stored XSS.This issue affects Nepali Date Utilities: from n/a through <= 1.0.15.
CVE-2025-32661 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map interactive-us-map allows Stored XSS.This issue affects Interactive US Map: from n/a through <= 2.7.

Previous 1...828384...466 Next