Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-28677 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.
CVE-2024-28673 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.
CVE-2024-28672 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.
CVE-2024-28670 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.
CVE-2024-28669 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.
CVE-2024-1642 1Mainwp 1Mainwp Dashboard Jun 17, 2026 Mar 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorr...Show more The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-1489 1Cozyvision 1Sms Alert Order Notifications Jun 17, 2026 Mar 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the pr...Show more The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-0830 1Najeebmedia 1Comments Extra Fields Jun 17, 2026 Mar 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several...Show more The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings.Show less
CVE-2024-0827 1Hammadh 1Play.ht Jun 17, 2026 Mar 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect no...Show more The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-0592 1Never5 1Related Posts Jun 17, 2026 Mar 13, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link...Show more The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts.Show less
CVE-2024-28684 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php
CVE-2024-28675 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php
CVE-2024-28667 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php
CVE-2024-28666 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php
CVE-2024-28665 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php
CVE-2024-28432 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.
CVE-2024-28431 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.
CVE-2024-28430 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.
CVE-2024-28429 1Dedecms 1Dedecms Jun 17, 2026 Mar 13, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php
CVE-2024-2416 - - Jun 17, 2026 Mar 13, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery vulnerability in Movistar's 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in w...Show more Cross-Site Request Forgery vulnerability in Movistar's 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in which they are currently authenticated.Show less

Previous 1...184185186...468 Next