← Back
CWE-352

9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,349)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-35560
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.
CVE-2024-35559
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.
CVE-2024-35558
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.
CVE-2024-35557
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.
CVE-2024-35556
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.
CVE-2024-35555
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
6.3 MEDIUM· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.
CVE-2024-35554
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.
CVE-2024-35553
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
8.3 HIGH· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35552
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.
CVE-2024-35551
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.
CVE-2024-35550
1Idccms
1Idccms
Jun 17, 2026
May 22, 2024
N/A· v4
6.3 MEDIUM· v3
N/A· v2
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.
CVE-2024-35475
1Openkm
1Openkm
Jun 17, 2026
May 22, 2024
N/A· v4
6.4 MEDIUM· v3
N/A· v2
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim...Show more
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.Show less
CVE-2024-1446
1Nextscripts
1Social Networks Auto Poster
Jun 17, 2026
May 22, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssn...Show more
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-36076
1Syslifters
1Sysreptor
Jun 17, 2026
May 19, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site su...Show more
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session.Show less
CVE-2024-5097
1Argie
1Simple Inventory System
Jun 17, 2026
May 19, 2024
6.9 MEDIUM· v4
4.3 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument i...Show more
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265080.Show less
CVE-2024-23554
1Hcltech
1Bigfix Platform
Jun 17, 2026
May 18, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) on Session Token vulnerability that could potentially lead to Remote Code Execution (RCE).
CVE-2024-34809
1Extendthemes
1Empowerwp
Jun 17, 2026
May 17, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21.
CVE-2024-34807
1Codebard
1Fast Custom Social Share
Jun 17, 2026
May 17, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard fast-custom-social-share-by-codebard.This issue affects Fast Custom Social Share by CodeBard: from n/a through <= 1.1.2.
CVE-2024-34806
-
-
Jun 17, 2026
May 17, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.
CVE-2024-34756
-
-
Jun 17, 2026
May 17, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.