Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,334)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5280 1Tipsandtricks Hq 1Wp Affiliate Platform Jun 17, 2026 Jul 13, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS pay...Show more The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attackShow less
CVE-2024-5167 1Cminds 1Cm E Mail Blacklist Jun 17, 2026 Jul 13, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in ad...Show more The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attackShow less
CVE-2024-5077 1Tipsandtricks Hq 1Wp Emember Jun 17, 2026 Jul 13, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CS...Show more The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-5076 1Tipsandtricks Hq 1Wp Emember Jun 17, 2026 Jul 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-5034 1Toolstack 1Sully Jun 17, 2026 Jul 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-5033 1Toolstack 1Sully Jun 17, 2026 Jul 13, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF att...Show more The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-5028 1Cminds 1Cm Search And Replace Jun 17, 2026 Jul 13, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-3632 1Codepeople 1Smart Image Gallery Jun 17, 2026 Jul 13, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-37941 - - Jun 17, 2026 Jul 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3.
CVE-2024-37940 - - Jun 17, 2026 Jul 12, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium).This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13.
CVE-2024-37939 - - Jun 17, 2026 Jul 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite.This issue affects Patricia Lite: from n/a through 1.2.3.
CVE-2024-37938 - - Jun 17, 2026 Jul 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral.This issue affects SociallyViral: from n/a through 1.0.10.
CVE-2024-37213 - - Jun 17, 2026 Jul 12, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in guru-aliexpress AliNext ali2woo-lite allows Cross Site Request Forgery.This issue affects AliNext: from n/a through <= 3.4.6.
CVE-2024-35773 - - Jun 17, 2026 Jul 12, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS).This issue affects Comment Reply Email: from n/a through 1.3.
CVE-2024-6024 1Adamsolymosi 1Contentlock Jun 17, 2026 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack
CVE-2024-6023 1Adamsolymosi 1Contentlock Jun 17, 2026 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2024-6022 1Adamsolymosi 1Contentlock Jun 17, 2026 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-1375 - - Jun 17, 2026 Jul 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.10. This makes it possible for...Show more The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.10. This makes it possible for unauthenticated attackers to update post_meta_data via a forged request, granted they can trick a logged-in user into performing an action such as clicking on a link.Show less
CVE-2024-1845 1E4jconnect 1Vikrentcar Jun 17, 2026 Jul 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-6649 1Oretnom23 1Employee And Visitor Gate Pass Logging System Jun 17, 2026 Jul 10, 2024 6.9 MEDIUM· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manip...Show more A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability.Show less

Previous 1...154155156...467 Next