← Back
CWE-352

9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,349)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-51487
1Ari Soft
1Ari Stream Quiz
Jun 17, 2026
Mar 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.This issue affects ARI Stream Quiz: from n/a through 1.2.32.
CVE-2023-51486
1Rednao
1Woocommerce Pdf Invoice Builder
Jun 17, 2026
Mar 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder.This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101.
CVE-2023-51474
-
-
Jun 17, 2026
Mar 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds.This issue affects TerraClassifieds: from n/a through 2.0.3.
CVE-2023-51521
-
-
Jun 17, 2026
Mar 16, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.18.
CVE-2023-51512
1Woobewoo
1Product Table
Jun 17, 2026
Mar 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.This issue affects Product Table by WBW: from n/a through 1.8.6.
CVE-2023-51510
1Atlasgondal
1Export All Urls
Jun 17, 2026
Mar 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs.This issue affects Export Media URLs: from n/a through 1.0.
CVE-2023-51491
1Depicter
1Depicter
Jun 17, 2026
Mar 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6.
CVE-2023-51489
1Automattic
1Crowdsignal Dashboard
Jun 17, 2026
Mar 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11.
CVE-2023-51407
1Rocketelements
1Split Test For Elementor
Jun 17, 2026
Mar 16, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.This issue affects Split Test For Elementor: from n/a through 1.6.9.
CVE-2023-51522
1Cozmoslabs
1Paid Membership Subscriptions
Jun 17, 2026
Mar 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.10.4.
CVE-2023-51369
1Sysbasics
1Customize My Account
Jun 17, 2026
Mar 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.
CVE-2023-50886
1Wpwax
1Legal Pages
Jun 17, 2026
Mar 15, 2024
N/A· v4
8.0 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7.
CVE-2023-51525
1Wpsimplebookingcalendar
1Wp Simple Booking Calendar
Jun 17, 2026
Mar 15, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg WP Simple Booking Calendar.This issue affects WP Simple Booking Calendar: from n/a through 2.0.8.4.
CVE-2023-50861
1Pluginus
1Husky Products Filter Professional For Woocommerce
Jun 17, 2026
Mar 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3.
CVE-2024-2483
-
-
Jun 17, 2026
Mar 15, 2024
N/A· v4
4.3 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password...Show more
A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability.Show less
CVE-2024-27265
1Ibm
1Integration Bus
Jun 17, 2026
Mar 14, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts....Show more
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.Show less
CVE-2024-28195
1Yooooomi
1Your Spotify
Jun 17, 2026
Mar 13, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF...Show more
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2024-28682
1Dedecms
1Dedecms
Jun 17, 2026
Mar 13, 2024
N/A· v4
6.3 MEDIUM· v3
N/A· v2
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
CVE-2024-28681
1Dedecms
1Dedecms
Jun 17, 2026
Mar 13, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.
CVE-2024-28678
1Dedecms
1Dedecms
Jun 17, 2026
Mar 13, 2024
N/A· v4
6.3 MEDIUM· v3
N/A· v2
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php