Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-12291 - - Apr 8, 2026 Jan 7, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.17. This is due to missing or incorrect nonce validation on a function. This makes it possible f...Show more The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.17. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-12288 - - Jan 7, 2025 Jan 7, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for...Show more The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-12170 - - Apr 8, 2026 Jan 7, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This ma...Show more The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-12557 - - Apr 8, 2026 Jan 7, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on a function. This makes it possible for unauthen...Show more The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-12541 - - Apr 8, 2026 Jan 7, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget...Show more The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel.Show less
CVE-2024-55076 1Grocy Project 1Grocy Sep 5, 2025 Jan 6, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.
CVE-2024-12279 1Wp Social Autoconnect Project 1Wp Social Autoconnect Aug 12, 2025 Jan 4, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it po...Show more The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-12545 1Appsmav 1Scratch & Win Jun 5, 2025 Jan 4, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7...Show more The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin’s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-38732 - - Apr 28, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery.This issue affects Patricia Blog: from n/a through 1.2.
CVE-2024-38731 - - Apr 28, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7.
CVE-2024-37931 - - Apr 28, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery.This issue affects Point: from n/a through 1.1.
CVE-2024-37925 - - Apr 28, 2026 Jan 2, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61.
CVE-2024-37452 - - Apr 28, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery.This issue affects Schema Lite: from n/a through 1.2.2.
CVE-2024-37438 - - Apr 28, 2026 Jan 2, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1.
CVE-2024-37241 - - Apr 28, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.
CVE-2024-37237 - - Apr 23, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in fs-code FS Poster fs-poster allows Cross Site Request Forgery.This issue affects FS Poster: from n/a through <= 6.5.8.
CVE-2024-39623 1Cridio 1Listingpro Apr 23, 2026 Jan 2, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro listingpro allows Authentication Bypass.This issue affects ListingPro: from n/a through <= 2.9.4.
CVE-2024-38778 - - Apr 23, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search.This issue affects WP Fast Total Search: from n/a through <= 1.69.234.
CVE-2024-38764 - - Apr 28, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9.
CVE-2024-56251 - - Apr 23, 2026 Jan 2, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Cross Site Request Forgery.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.28.decaf.

Previous 1...121122123...466 Next