CWE-352
9,314 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,314)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through <= 1.0.1. |
Cross-Site Request Forgery (CSRF) vulnerability in antonio.gocaj Go Animate goanimate allows Stored XSS.This issue affects Go Animate: from n/a through <= 1.0. |
Cross-Site Request Forgery (CSRF) vulnerability in elmervillanueva Bet sport Free bet-sport-free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through <= 1.0.0. |
Cross-Site Request Forgery (CSRF) vulnerability in khubbaib Mandrill WP email-form-under-post allows Stored XSS.This issue affects Mandrill WP: from n/a through <= 1.0.5. |
Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle wp-fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through <= 1.0. |
Cross-Site Request Forgery (CSRF) vulnerability in midoks WP微信机器人 wp-weixin-robot allows Stored XSS.This issue affects WP微信机器人: from n/a through <= 5.3.5. |
Cross-Site Request Forgery (CSRF) vulnerability in mattwalters WordPress Filter wordpress-filter allows Stored XSS.This issue affects WordPress Filter: from n/a through <= 1.4.1. |
Cross-Site Request Forgery (CSRF) vulnerability in Eduardo addWeather myweather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through <= 2.5.1. |
Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails multiple-admin-emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through <= 1.0. |
Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue af...Show more |
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection.This issue affects Insertify: from n/a through <= 1.1.4. |
Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection.This issue affects GitSync: from n/a through <= 1.1.0. |
1Vcita 2Online Booking & Scheduling Calendar Online Booking & Scheduling Calendar For Wordpress By VcitaApr 23, 2026 Dec 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Schedu...Show more |
Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through <= 1.8.17.0. |
Cross-Site Request Forgery (CSRF) vulnerability in wpgear Hack-Info hack-info allows Stored XSS.This issue affects Hack-Info: from n/a through <= 3.17. |
Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through <= 1.5.2. |
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates wp-currency-exchange-rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through <= 1.2.0. |
Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through <= 1.7.3. |
Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2. |
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF pro...Show more |