Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-54423 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through <= 1.1.
CVE-2024-54421 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Sanjay_Negi Floating Video Player floating-player allows Stored XSS.This issue affects Floating Video Player: from n/a through <= 1.0.
CVE-2024-54420 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Novikov Metrika metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through <= 1.2.
CVE-2024-54419 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through <= 1.1.
CVE-2024-54418 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp. DTC Documents dtc-documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through <= 1.1.05.
CVE-2024-54416 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Wp Login with Ajax wp-login-with-ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through <= 0.6.
CVE-2024-54415 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in cconoly WP-HideThat wp-hide-that allows Stored XSS.This issue affects WP-HideThat: from n/a through <= 1.2.
CVE-2024-54414 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through <= 2.4.4.
CVE-2024-54413 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through <= 0.2.3.
CVE-2024-54412 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Product Carousel ect-product-carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through <= 1.9.
CVE-2024-54411 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in hosting.io WP Controller wp-management-controller allows Stored XSS.This issue affects WP Controller: from n/a through <= 3.2.0.
CVE-2024-54410 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in eagerterrier SOPA Blackout sopa-blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through <= 1.4.
CVE-2024-54409 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in fzmaster XPD Reduce Image Filesize xpd-reduce-image-filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through <= 1.0.
CVE-2024-54408 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Y...Show more Cross-Site Request Forgery (CSRF) vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through <= 1.9.Show less
CVE-2024-54407 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through <= 3.4.2.
CVE-2024-54405 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Social Share ect-social-share allows Stored XSS.This issue affects ECT Social Share: from n/a through <= 1.3.
CVE-2024-54404 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar mdc-comment-toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through <= 1.1.
CVE-2024-54401 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through <= 1.1.1.
CVE-2024-54400 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in meloniq AppMaps appmaps allows Stored XSS.This issue affects AppMaps: from n/a through <= 1.1.
CVE-2024-54399 - - Apr 23, 2026 Dec 16, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through <= 1.0.2.

Previous 1...127128129...466 Next