Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5155 1Ravster 1Inquiry Cart Jun 17, 2026 Jun 14, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a...Show more The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-4751 1Goprayer 1Prayer Jun 17, 2026 Jun 14, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-4480 1Goprayer 1Prayer Jun 17, 2026 Jun 14, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-3993 1Wp Master 1Azan Jun 17, 2026 Jun 14, 2024 N/A· v4 4.6 MEDIUM· v3 N/A· v2 The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSR...Show more The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-3972 1Davidjmiller 1Similarity Jun 17, 2026 Jun 14, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...Show more The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-3971 1Davidjmiller 1Similarity Jun 17, 2026 Jun 14, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
CVE-2024-3965 1Projectcaruso 1Pray For Me Jun 17, 2026 Jun 14, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-0892 - - Jun 17, 2026 Jun 14, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function...Show more The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-6492 - - Jun 17, 2026 Jun 14, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in...Show more The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-37306 1Cvat 1Computer Vision Annotation Tool Jun 17, 2026 Jun 13, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into vis...Show more Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a project, task or job that the victim user has permission to export into a cloud storage that the victim user has access to. The name of the resulting file can be chosen by the attacker. This implies that the attacker can overwrite arbitrary files in any cloud storage that the victim can access and, if the attacker has read access to the cloud storage used in the attack, they can obtain media files, annotations, settings and other information from any projects, tasks or jobs that the victim has permission to export. Version 2.14.3 contains a fix for the issue. No known workarounds are available.Show less
CVE-2024-38293 1Alcasar 1Alcasar Jun 17, 2026 Jun 13, 2024 N/A· v4 9.6 CRITICAL· v3 N/A· v2 ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.
CVE-2023-47845 - - Jun 17, 2026 Jun 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save.This issue affects Grab & Save: from n/a through 1.0.4.
CVE-2024-35207 1Siemens 1Sinec Traffic Analyzer Jun 17, 2026 Jun 11, 2024 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking...Show more A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.Show less
CVE-2024-31612 1Emlog 1Emlog Jun 17, 2026 Jun 10, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information.
CVE-2024-31613 1Bosscms 1Bosscms Jun 17, 2026 Jun 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."
CVE-2024-4403 1Lollms 1Lollms Webui Jun 17, 2026 Jun 10, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as r...Show more A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.Show less
CVE-2024-5786 - - Jun 17, 2026 Jun 10, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web applicat...Show more Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated.Show less
CVE-2024-4328 1Parisneo 1Lollms Web Ui Jun 17, 2026 Jun 10, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files l...Show more A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.Show less
CVE-2024-35657 - - Jun 17, 2026 Jun 8, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6.
CVE-2024-35689 1Analytify 1Analytify Google Analytics Dashboard Jun 17, 2026 Jun 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.2.3.

Previous 1...160161162...468 Next