Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,313)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-31026 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded comment-validation-reloaded allows Stored XSS.This issue affects Comment Validation Reloaded: from n/a through <= 0.5.
CVE-2025-31023 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags seo-meta-tags allows Cross Site Request Forgery.This issue affects Seo Meta Tags: from n/a through <= 1.4.
CVE-2025-31005 - - Apr 23, 2026 Apr 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts easyfonts allows Cross Site Request Forgery.This issue affects Easyfonts: from n/a through <= 1.1.2.
CVE-2025-25056 - - Apr 9, 2025 Apr 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
CVE-2024-8243 1Felixker 1Wordpress/plugin Upgrade Time Out Plugin Apr 22, 2025 Apr 9, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add...Show more The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2024-6860 1Ngothang 1Wp Multitasking Apr 22, 2025 Apr 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack
CVE-2024-6857 1Ngothang 1Wp Multitasking Apr 22, 2025 Apr 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF at...Show more The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attackShow less
CVE-2025-27189 1Adobe 1Commerce B2b Apr 30, 2025 Apr 8, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition....Show more Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website.Show less
CVE-2025-27442 1Zoom 6Meeting Software Development Kit RoomsRooms Controller+3 more May 15, 2026 Apr 8, 2025 N/A· v4 5.2 MEDIUM· v3 N/A· v2 Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
CVE-2025-27441 1Zoom 6Meeting Software Development Kit RoomsRooms Controller+3 more May 15, 2026 Apr 8, 2025 N/A· v4 5.2 MEDIUM· v3 N/A· v2 Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
CVE-2025-3064 - - Apr 8, 2025 Apr 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() f...Show more The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.Show less
CVE-2024-41795 1Siemens 17kt Pac1260 Data Manager Firmware Sep 23, 2025 Apr 8, 2025 6.9 MEDIUM· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticate...Show more A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator to click on a malicious link.Show less
CVE-2024-11071 - - Apr 7, 2025 Apr 7, 2025 7.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery...Show more Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor.Show less
CVE-2025-0810 - - Apr 8, 2026 Apr 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function...Show more The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-3257 1Xujiangfei 1Admintwo Oct 9, 2025 Apr 4, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initi...Show more A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-32280 1Wedevs 1Wp Project Manager Apr 23, 2026 Apr 4, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25.
CVE-2025-32278 - - Apr 23, 2026 Apr 4, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual riovizual allows Cross Site Request Forgery.This issue affects Table Block by RioVizual: from n/a through <= 2.3.1.
CVE-2025-32276 - - Apr 28, 2026 Apr 4, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery.This issue affects Administrator Z: from n/a through <= 2026.03.02.
CVE-2025-32274 - - Apr 23, 2026 Apr 4, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB wp-w3all-phpbb-integration allows Cross Site Request Forgery.This issue affects WP w3all phpBB: from n/a through <= 2.9.8.
CVE-2025-32273 - - Apr 23, 2026 Apr 4, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in freetobook Freetobook Responsive Widget freetobook-responsive-widget allows Cross Site Request Forgery.This issue affects Freetobook Responsive Widget: from n/a through...Show more Cross-Site Request Forgery (CSRF) vulnerability in freetobook Freetobook Responsive Widget freetobook-responsive-widget allows Cross Site Request Forgery.This issue affects Freetobook Responsive Widget: from n/a through <= 1.1.Show less

Previous 1...868788...466 Next