Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-34755 - - Jun 17, 2026 May 17, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.
CVE-2024-27955 - - Jun 17, 2026 May 17, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0.
CVE-2023-44478 - - Jun 17, 2026 May 17, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials.This issue affects Events Rich Snippets for Google: from n/a through 1.8.
CVE-2024-4204 - - Jun 17, 2026 May 16, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX...Show more The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions.. This makes it possible for unauthenticated attackers to create and duplicate posts, retrieve post content, and modify post taxonomy among other things via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-35039 1Idccms 1Idccms Jun 17, 2026 May 16, 2024 N/A· v4 3.8 LOW· v3 N/A· v2 idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
CVE-2024-34958 1Idccms 1Idccms Jun 17, 2026 May 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
CVE-2024-34957 1Idccms 1Idccms Jun 17, 2026 May 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
CVE-2024-3643 1Mndpsingh287 1Newsletter Popup Jun 17, 2026 May 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
CVE-2024-3642 1Mndpsingh287 1Newsletter Popup Jun 17, 2026 May 16, 2024 N/A· v4 6.9 MEDIUM· v3 N/A· v2 The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack
CVE-2024-4929 1Oretnom23 1Simple Online Bidding System Jun 17, 2026 May 16, 2024 6.9 MEDIUM· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The man...Show more A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264465 was assigned to this vulnerability.Show less
CVE-2024-3824 1Mranderson 1Base64 Encoderdecoder Jun 17, 2026 May 15, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
CVE-2024-3823 1Mranderson 1Base64 Encoderdecoder Jun 17, 2026 May 15, 2024 N/A· v4 2.4 LOW· v3 N/A· v2 The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stor...Show more The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-3631 1Dachande663 1Hl Twitter Jun 17, 2026 May 15, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack
CVE-2024-3629 1Dachande663 1Hl Twitter Jun 17, 2026 May 15, 2024 N/A· v4 2.4 LOW· v3 N/A· v2 The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-3407 1Goprayer 1Wp Prayer Jun 17, 2026 May 15, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-3406 1Goprayer 1Wp Prayer Jun 17, 2026 May 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-3405 1Goprayer 1Wp Prayer Jun 17, 2026 May 15, 2024 N/A· v4 7.6 HIGH· v3 N/A· v2 The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-35109 1Idccms 1Idccms Jun 17, 2026 May 15, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35108 1Idccms 1Idccms Jun 17, 2026 May 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
CVE-2024-35012 1Idccms 1Idccms Jun 17, 2026 May 14, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.

Previous 1...164165166...468 Next