Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-47634 1Majas Lapu Izstrade 1Cartbounty Jun 17, 2026 Oct 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Streamline CartBounty – Save and recover abandoned carts for WooCommerce woo-save-abandoned-carts allows Cross Site Request Forgery.This issue affects CartBounty – Save...Show more Cross-Site Request Forgery (CSRF) vulnerability in Streamline CartBounty – Save and recover abandoned carts for WooCommerce woo-save-abandoned-carts allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through <= 8.2.Show less
CVE-2024-49629 1Androidbubbles 1Endless Posts Navigation Jun 17, 2026 Oct 20, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through <= 2.2.7.
CVE-2024-49617 1Bhaskardhote 1Back Link Tracker Jun 17, 2026 Oct 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in anciwasim Back Link Tracker back-link-tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through <= 1.0.0.
CVE-2024-49615 1Henriquerodrigues 1Safetyforms Jun 17, 2026 Oct 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms safetymails-forms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through <= 1.0.0.
CVE-2024-49605 1Avchat.net 1Avchat Video Chat Jun 17, 2026 Oct 20, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Stefan Nour AVChat Video Chat avchat-3 allows Stored XSS.This issue affects AVChat Video Chat: from n/a through <= 2.2.
CVE-2024-49335 1Edush Maxim 1Googledrive Folder List Jun 17, 2026 Oct 20, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in sh4d0w28 GoogleDrive folder list googledrive-folder-list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through <= 2.2.2.
CVE-2024-49622 1Apa 1Apa Banner Slider Jun 17, 2026 Oct 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari Apa Banner Slider apa-banner-slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through <= 1.0.0.
CVE-2024-49621 1Apa 1Apa Register Newsletter Form Jun 17, 2026 Oct 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari APA Register Newsletter Form apa-register-newsletter-form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through <= 1.0.0.
CVE-2023-6243 1Myeventon 1Eventon Lite Jun 17, 2026 Oct 19, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation...Show more The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-10040 1Infinite Scroll 1Infinite Scroll Jun 17, 2026 Oct 18, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_...Show more The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-49313 - - Jun 17, 2026 Oct 17, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in rudestan VKontakte Wall Post vkontakte-wall-post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through <= 2.0.
CVE-2024-49304 - - Jun 17, 2026 Oct 17, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7.
CVE-2024-49237 1Ahmetimamoglu 1Ahmeti Wp Timeline Jun 17, 2026 Oct 17, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ahmeti Ahmeti Wp Timeline ahmeti-wp-timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through <= 5.1.
CVE-2024-49229 1Arifnezami 1Better Author Bio Jun 17, 2026 Oct 17, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arifnezami Better Author Bio better-author-bio allows Reflected XSS.This issue affects Better Author Bio: from n/a thr...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arifnezami Better Author Bio better-author-bio allows Reflected XSS.This issue affects Better Author Bio: from n/a through <= 2.7.10.11.Show less
CVE-2024-49223 1Shibulijack 1Cj Change Howdy Jun 17, 2026 Oct 17, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in shibulijack CJ Change Howdy cj-change-howdy allows Cross Site Request Forgery.This issue affects CJ Change Howdy: from n/a through <= 3.3.1.
CVE-2024-49221 1Julianweinert 1Cslider Jun 17, 2026 Oct 17, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in julian.weinert cSlider cslider allows Cross Site Request Forgery.This issue affects cSlider: from n/a through <= 2.4.2.
CVE-2024-49220 1Cookie Scanner 1Cookie Scanner Jun 17, 2026 Oct 17, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Nikel Cookie Scanner cookie-scanner allows Cross Site Request Forgery.This issue affects Cookie Scanner: from n/a through <= 1.1.
CVE-2024-48048 - - Jun 17, 2026 Oct 17, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in GabbyKhrmon Wsify Widget wsify-widget allows Stored XSS.This issue affects Wsify Widget: from n/a through <= 1.0.
CVE-2024-48037 - - Jun 17, 2026 Oct 17, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.4.2.
CVE-2024-48031 - - Jun 17, 2026 Oct 17, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Cross Site Request Forgery.This issue affects Featu...Show more Cross-Site Request Forgery (CSRF) vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Cross Site Request Forgery.This issue affects Featured Posts with Multiple Custom Groups (FPMCG): from n/a through <= 4.0.Show less

Previous 1...140141142...466 Next