Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7687 1Azindex Project 1Azindex Jun 17, 2026 Sep 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...Show more The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less
CVE-2024-6925 1Themetechmount 1Truebooker Jun 17, 2026 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2024-6856 1Ngothang 1Wp Multitasking Jun 17, 2026 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-6855 1Ngothang 1Wp Multitasking Jun 17, 2026 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack
CVE-2024-6853 1Ngothang 1Wp Multitasking Jun 17, 2026 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack
CVE-2024-6852 1Ngothang 1Wp Multitasking Jun 17, 2026 Sep 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-45172 1C Mor 1C Mor Video Surveillance Jun 17, 2026 Sep 4, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web...Show more An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks.Show less
CVE-2024-8414 1Munyweki 1Insurance Management System Jun 17, 2026 Sep 4, 2024 6.9 MEDIUM· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request for...Show more A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-7690 1Digireturn 1Dn Popup Jun 17, 2026 Sep 2, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-45527 1Vanderbilt 1Redcap Jun 17, 2026 Sep 2, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website.
CVE-2024-45270 1Majeedraza 1Carousel Slider Jun 17, 2026 Sep 2, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled,...Show more WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.Show less
CVE-2024-45269 1Majeedraza 1Carousel Slider Jun 17, 2026 Sep 2, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabl...Show more WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.Show less
CVE-2024-8319 1Themeific 1Tourfic Jun 17, 2026 Aug 30, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_functio...Show more The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions. This makes it possible for unauthenticated attackers to resend order status emails, update visitor/order details, edit check-in/out details, edit order status, perform bulk order status updates, remove room order IDs, and delete old review fields, respectively, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-43947 1Dineshkarki 1Wp Armour Jun 17, 2026 Aug 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.
CVE-2024-42793 1Lopalopa 1Music Management System Jun 17, 2026 Aug 28, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
CVE-2024-8200 1Smashballoon 1Reviews Feed Jun 17, 2026 Aug 27, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This...Show more The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'update_api_key' function. This makes it possible for unauthenticated attackers to update an API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-45264 1Skyss 1Arfa Cms Jun 17, 2026 Aug 27, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.
CVE-2024-43356 1Bobbingwide 1Oik Jun 17, 2026 Aug 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide.This issue affects oik: from n/a through 4.12.0.
CVE-2024-43340 1Advancedformintegration 1Advanced Form Integration Jun 17, 2026 Aug 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced Form Integration.This issue affects Advanced Form Integration: from n/a through 1.89.4.
CVE-2024-43339 1Webinarpress 1Webinarpress Jun 17, 2026 Aug 26, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress allows Cross-Site Scripting (XSS).This issue affects WebinarPress: from n/a through 1.33.20.

Previous 1...145146147...466 Next