Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-23737 1Savignano 1S Notify Jun 17, 2026 Jul 1, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.
CVE-2024-23736 - - Jun 17, 2026 Jul 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.
CVE-2024-31902 1Ibm 1Infosphere Information Server Jun 17, 2026 Jun 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Forc...Show more IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.Show less
CVE-2024-6405 1Varniinfotech 1Floating Social Buttons Jun 17, 2026 Jun 29, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_...Show more The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-5712 1Stitionai 1Devika Jun 17, 2026 Jun 28, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a...Show more A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting projects or changing application settings, without any CSRF protection implemented. Successful exploitation disrupts the integrity and availability of the application and its data.Show less
CVE-2024-5935 1Pribai 1Privategpt Jun 17, 2026 Jun 27, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the applicat...Show more A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users.Show less
CVE-2024-39158 1Idccms 1Idccms Jun 17, 2026 Jun 27, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
CVE-2024-39157 1Idccms 1Idccms Jun 17, 2026 Jun 27, 2024 N/A· v4 3.8 LOW· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.
CVE-2024-39156 1Idccms 1Idccms Jun 17, 2026 Jun 27, 2024 N/A· v4 3.8 LOW· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.
CVE-2024-39155 1Idccms 1Idccms Jun 17, 2026 Jun 27, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.
CVE-2024-39154 1Idccms 1Idccms Jun 17, 2026 Jun 27, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.
CVE-2024-39153 1Idccms 1Idccms Jun 17, 2026 Jun 27, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.
CVE-2024-4758 1Realwebcare 1Muslim Prayer Time Bd Jun 17, 2026 Jun 26, 2024 N/A· v4 7.6 HIGH· v3 N/A· v2 The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
CVE-2024-4757 1Wp Master 1Logo Manager For Enamad Jun 17, 2026 Jun 25, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payl...Show more The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2021-45785 1Trudesk Project 1Trudesk Jun 17, 2026 Jun 24, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that w...Show more TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage.Show less
CVE-2024-4839 1Lollms 1Lollms Webui Jun 17, 2026 Jun 24, 2024 N/A· v4 3.3 LOW· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under con...Show more A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent.Show less
CVE-2024-4499 1Lollms 1Lollms Jun 17, 2026 Jun 24, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user i...Show more A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location.Show less
CVE-2024-5596 - - Jun 17, 2026 Jun 22, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This ma...Show more The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta and plugin options which can lead to limited privilege escalation.Show less
CVE-2024-3593 1Sevenspark 1Ubermenu Jun 17, 2026 Jun 22, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and...Show more The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated attackers to delete and reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-37230 1Rarathemes 1Book Landing Page Jun 17, 2026 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3.

Previous 1...158159160...468 Next