Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13356 1Dsgvo For Wp 1Dsgvo All In One For Wp May 23, 2025 Feb 4, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php fil...Show more The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unauthenticated attackers to delete admin user accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-13115 1Phptechie 1Wp Projects Portfolio With Client Testimonials May 7, 2025 Feb 4, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admi...Show more The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2025-24982 - - Feb 4, 2025 Feb 4, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted.
CVE-2024-56903 - - Mar 4, 2025 Feb 3, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2...Show more Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack.Show less
CVE-2024-56901 - - Mar 4, 2025 Feb 3, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. Th...Show more A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF attack.Show less
CVE-2025-22704 - - Apr 23, 2026 Feb 3, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS.This issue affects WordPress Signature: fr...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS.This issue affects WordPress Signature: from n/a through <= 0.1.Show less
CVE-2025-22703 - - Apr 23, 2026 Feb 3, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder forge allows Stored XSS.This issue affects Forge – Front-End Page Builder: from n/a through <= 1.4.6.
CVE-2025-22690 - - Apr 23, 2026 Feb 3, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through <= 1.4.6.
CVE-2025-22688 - - Apr 23, 2026 Feb 3, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars unlimited-page-sidebars allows Stored XSS.This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6.
CVE-2025-22685 - - Apr 23, 2026 Feb 3, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CheGevara29 Tags to Keywords tags-to-meta-keywords allows Stored XSS.This issue affects Tags to Keywords: from n/a through <= 1.0.1.
CVE-2024-13096 1Mch0lic 1Wp Finance May 12, 2025 Feb 1, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CS...Show more The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2023-38739 1Ibm 1Sterling B2b Integrator Mar 5, 2025 Jan 31, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a u...Show more IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.Show less
CVE-2025-24749 - - Apr 28, 2026 Jan 31, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through...Show more Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.Show less
CVE-2025-24549 - - Apr 23, 2026 Jan 31, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Mahbubur Rahman Post Meta post-meta allows Reflected XSS.This issue affects Post Meta: from n/a through <= 1.0.9.
CVE-2025-23990 - - Apr 23, 2026 Jan 31, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in jablonczay Scroll Styler scroll-styler.This issue affects Scroll Styler: from n/a through <= 1.1.
CVE-2025-23989 - - Apr 23, 2026 Jan 31, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Internal Link Builder internal-link-builder allows Cross Site Request Forgery.This issue affects Internal Link Builder: from n/a through <= 1.0.
CVE-2025-23985 - - Apr 23, 2026 Jan 31, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Cross Site Request Forgery.This issue affects Dynamic URL SEO: from n/a through <= 1.0.
CVE-2025-23980 - - Apr 23, 2026 Jan 31, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in James Andrews Full Circle full-circle allows Stored XSS.This issue affects Full Circle: from n/a through <= 0.5.7.8.
CVE-2025-23978 - - Apr 23, 2026 Jan 31, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ninos FlashCounter flashcounter allows Stored XSS.This issue affects FlashCounter: from n/a through <= 1.1.8.
CVE-2025-23977 - - Apr 23, 2026 Jan 31, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Post Carousel Slider post-carousel-slider allows Stored XSS.This issue affects Post Carousel Slider: from n/a through <= 2.0.1.

Previous 1...108109110...466 Next