Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,314)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-42605 1Pligg 1Pligg Cms Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
CVE-2024-42604 1Pligg 1Pligg Cms Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3
CVE-2024-42603 1Pligg 1Pligg Cms Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall
CVE-2024-42608 1Pligg 1Pligg Cms Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.
CVE-2024-42586 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42585 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42584 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42583 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42582 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42581 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42580 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42579 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42578 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42577 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42576 1Siamonhasan 1Warehouse Inventory System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
CVE-2024-42557 1Vaibhavverma9999 1Hotel Management System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42555 1Vaibhavverma9999 1Hotel Management System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-42553 1Vaibhavverma9999 1Hotel Management System Jun 17, 2026 Aug 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
CVE-2024-7850 - - Jun 17, 2026 Aug 20, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), b...Show more The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), bps_ajax_template_options(), and bps_ajax_field_row() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-3409 1Bricksbuilder 1Bricks Jun 17, 2026 Aug 17, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it pos...Show more The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less

Previous 1...148149150...466 Next