Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-43337 1Getbrave 1Brave Jun 17, 2026 Aug 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0.
CVE-2024-43336 1Wpusermanager 1Wp User Manager Jun 17, 2026 Aug 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through <= 2.9.10.
CVE-2024-43325 1Naiches 1Dark Mode For Wp Dashboard Jun 17, 2026 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard.This issue affects Dark Mode for WP Dashboard: from n/a through 1.2.3.
CVE-2024-43316 1Checkoutplugins 1Stripe Payments For Woocommerce Jun 17, 2026 Aug 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.
CVE-2024-43301 1Fontsplugin 1Fonts Jun 17, 2026 Aug 26, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Fonts Plugin Fonts allows Stored XSS.This issue affects Fonts: from n/a through 3.7.7.
CVE-2024-43299 1Softaculous 1Speedycache Jun 17, 2026 Aug 26, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Softaculous SpeedyCache speedycache.This issue affects SpeedyCache: from n/a through <= 1.1.8.
CVE-2024-43295 1Wpdataaccess 1Wp Data Access Jun 17, 2026 Aug 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access.This issue affects WP Data Access: from n/a through 5.5.7.
CVE-2024-43287 1Sendinblue 1Newsletter, Smtp, Email Marketing And Subscribe Jun 17, 2026 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/...Show more Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82.Show less
CVE-2024-43269 1Wpbackitup 1Backup And Restore Wordpress Jun 17, 2026 Aug 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50.
CVE-2024-43265 1Analytify 1Analytify Google Analytics Dashboard Jun 17, 2026 Aug 26, 2024 N/A· v4 3.5 LOW· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.
CVE-2024-43255 1Stormhillmedia 1Mybook Table Bookstore Jun 17, 2026 Aug 26, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable.This issue affects MyBookTable Bookstore: from n/a through <= 3.3.9.
CVE-2024-43117 1Wpmudev 1Hummingbird Jun 17, 2026 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1.
CVE-2024-43116 110up 1Simple Local Avatars Jun 17, 2026 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10.
CVE-2024-39657 1Sender 1Sender Jun 17, 2026 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce...Show more Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18.Show less
CVE-2024-39645 1Themeum 1Tutor Lms Jun 17, 2026 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
CVE-2024-39641 1Thimpress 1Learnpress Jun 17, 2026 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.
CVE-2024-39628 1Ninjaforms 1Ninja Forms Jun 17, 2026 Aug 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6.
CVE-2024-42792 1Lopalopa 1Music Management System Jun 17, 2026 Aug 26, 2024 N/A· v4 3.5 LOW· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
CVE-2024-8120 1Imagerecycle 1Imagerecycle Pdf & Image Compression Jun 17, 2026 Aug 24, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several func...Show more The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for unauthenticated attackers to update plugin settings along with performing other actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-7568 1Pixeljar 1Favicon Generator Jun 17, 2026 Aug 24, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function....Show more The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The plugin author deleted the functionality of the plugin to patch this issue and close the plugin, we recommend seeking an alternative to this plugin. CVE-2024-7864 appears to be a duplicate of this issue.Show less

Previous 1...146147148...466 Next