Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-11641 1Vikwp 1Vikbooking Hotel Booking Engine & Pms Feb 4, 2025 Jan 26, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' f...Show more The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2024-13709 - - Apr 8, 2026 Jan 25, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible...Show more The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-24756 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in mgplugin Roi Calculator roi-calculator allows Stored XSS.This issue affects Roi Calculator: from n/a through <= 1.0.
CVE-2025-24739 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSMTP fluent-smtp allows Cross Site Request Forgery.This issue affects FluentSMTP: from n/a through <= 2.2.80.
CVE-2025-24738 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Jerry Rietveld Call Now Button call-now-button allows Cross Site Request Forgery.This issue affects Call Now Button: from n/a through <= 1.4.13.
CVE-2025-24724 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery.This issue affects Side Menu Lite: from n/a through <= 5.3.1.
CVE-2025-24720 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1.
CVE-2025-24717 1Wow Company 1Modal Window Apr 23, 2026 Jan 24, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through <= 6.1.4.
CVE-2025-24716 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects mwp-herd-effect allows Cross Site Request Forgery.This issue affects Herd Effects: from n/a through <= 6.2.1.
CVE-2025-24715 1Wow Company 1Counter Box Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box counter-box allows Cross Site Request Forgery.This issue affects Counter Box: from n/a through <= 2.0.5.
CVE-2025-24714 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu bubble-menu allows Cross Site Request Forgery.This issue affects Bubble Menu – circle floating menu: from n/a through <= 4...Show more Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu bubble-menu allows Cross Site Request Forgery.This issue affects Bubble Menu – circle floating menu: from n/a through <= 4.0.2.Show less
CVE-2025-24713 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery.This issue affects Button Generator – easily Button Builder: fro...Show more Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery.This issue affects Button Generator – easily Button Builder: from n/a through <= 3.1.1.Show less
CVE-2025-24712 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks radius-blocks allows Cross Site Request Forgery.This issue affects Radius Blocks: from n/a through <= 2.1.2.
CVE-2025-24711 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box popup-box allows Cross Site Request Forgery.This issue affects Popup Box: from n/a through <= 3.2.4.
CVE-2025-24698 1G5plus 1Essential Real Estate Apr 23, 2026 Jan 24, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery.This issue affects Essential Real Estate: from n/a through <= 5.1.8.
CVE-2025-24696 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Shafaet Alam Attire Blocks attire-blocks allows Cross Site Request Forgery.This issue affects Attire Blocks: from n/a through <= 1.9.6.
CVE-2025-24647 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in datafeedr WooCommerce Cloak Affiliate Links woocommerce-cloak-affiliate-links allows Cross Site Request Forgery.This issue affects WooCommerce Cloak Affiliate Links: fro...Show more Cross-Site Request Forgery (CSRF) vulnerability in datafeedr WooCommerce Cloak Affiliate Links woocommerce-cloak-affiliate-links allows Cross Site Request Forgery.This issue affects WooCommerce Cloak Affiliate Links: from n/a through <= 1.0.35.Show less
CVE-2025-24636 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Rick Laymance MachForm Shortcode machform-shortcode allows Stored XSS.This issue affects MachForm Shortcode: from n/a through <= 1.4.1.
CVE-2025-24623 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Cross Site Request Forgery.This issue affects Really Simple SSL: from n/a through <= 9.1.4.
CVE-2025-24622 - - Apr 23, 2026 Jan 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager job-board-manager allows Cross Site Request Forgery.This issue affects Job Board Manager: from n/a through <= 2.1.59.

Previous 1...110111112...466 Next