Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37227 1Tribulant 1Newsletters Jun 17, 2026 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.
CVE-2024-37212 1Ali2woo 2Ali2woo Aliexpress Dropshipping With Alinext Jun 17, 2026 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2024-37198 1Blazethemes 1Digital Newspaper Jun 17, 2026 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through 1.1.5.
CVE-2024-37118 1Uncannyowl 1Uncanny Automator Jun 17, 2026 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3.
CVE-2024-35772 1Presscustomizr 1Hueman Jun 17, 2026 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through 3.7.24.
CVE-2024-35771 1Presscustomizr 1Customizr Jun 17, 2026 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21.
CVE-2024-35770 1Davekiss 1Vimeography Jun 17, 2026 Jun 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1.
CVE-2024-4969 1Devnath Verma 1Widget Bundle Jun 17, 2026 Jun 21, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack
CVE-2024-4475 1Onetarek 1Wp Logs Book Jun 17, 2026 Jun 21, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack
CVE-2024-4474 1Onetarek 1Wp Logs Book Jun 17, 2026 Jun 21, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-4382 1Wielebenwir 1Commonsbooking Jun 17, 2026 Jun 21, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and boo...Show more The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacksShow less
CVE-2023-25697 1Gamipress 1Gamipress Jun 17, 2026 Jun 19, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6.
CVE-2024-5676 - - Jun 17, 2026 Jun 19, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.
CVE-2023-50900 1Averta 1Master Slider Jun 17, 2026 Jun 19, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.
CVE-2024-1407 1Strangerstudios 1Paid Memberships Pro Jun 17, 2026 Jun 19, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missi...Show more The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.Show less
CVE-2024-5343 - - Jun 17, 2026 Jun 19, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation o...Show more The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This makes it possible for unauthenticated attackers to create new posts and reset gallery view counts via a forged request granted they can trick a Contributor+ level user into performing an action such as clicking on a link.Show less
CVE-2024-4541 - - Jun 17, 2026 Jun 19, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation when modifying products. Th...Show more The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation when modifying products. This makes it possible for unauthenticated attackers to add, delete, bulk edit, approve or cancel products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-38276 2Fedoraproject Moodle 2Fedora Moodle Jun 17, 2026 Jun 18, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect CSRF token checks resulted in multiple CSRF risks.
CVE-2024-38457 1Xenforo 1Xenforo Jun 17, 2026 Jun 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Xenforo before 2.2.16 allows CSRF.
CVE-2024-5551 1Wp Staging 1Wp Staging Jun 17, 2026 Jun 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' p...Show more The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicator & Migration plugin. This makes it possible for unauthenticated attackers to include any local files that end in '-settings.php' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less

Previous 1...159160161...468 Next