Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-52555 1Mongo Express Project 1Mongo Express Jun 17, 2026 Mar 1, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.
CVE-2023-28949 1Ibm 2Engineering Requirements Management Doors Engineering Requirements Management Doors Web Access Jun 17, 2026 Mar 1, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trust...Show more IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.Show less
CVE-2024-21752 1Wp Dreams 1Ajax Search Jun 17, 2026 Feb 29, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.
CVE-2024-1976 1Marketingoptimizer 1Marketing Optimizer Jun 17, 2026 Feb 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-pa...Show more The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-51696 1Cleantalk 1Anti Spam Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through...Show more Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.Show less
CVE-2023-51531 1Thrivethemes 1Thrive Automator Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator.This issue affects Thrive Automator: from n/a through 1.17.
CVE-2023-51530 1Gsplugins 1Logo Slider Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gall...Show more Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1.Show less
CVE-2023-51529 1Hasthemes 1Ht Mega Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.
CVE-2023-51528 1Aipower 1Aipower Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12.
CVE-2024-25932 1Youngtechleads 1Change Table Prefix Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix change-table-prefix allows Cross Site Request Forgery.This issue affects Change Table Prefix: from n/a through <= 2.0.
CVE-2024-25931 1Heureka 1Heureka Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka.This issue affects Heureka: from n/a through 1.0.8.
CVE-2024-25930 1Nuggethon 1Custom Order Status Manager For Woocommerce Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.
CVE-2024-24708 1W3speedster 1W3speedster Jun 17, 2026 Feb 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.19.
CVE-2024-24701 1Tiny 1Setka Workflow Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/...Show more Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20.Show less
CVE-2024-23519 1Mandsconsulting 1Email Before Download Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7.
CVE-2024-22939 1Sunkaifei 1Flycms Jun 17, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.
CVE-2024-1339 1Imagerecycle 1Imagerecycle Pdf & Image Compression Jun 17, 2026 Feb 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitia...Show more The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove all plugin data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-1338 1Imagerecycle 1Imagerecycle Pdf & Image Compression Jun 17, 2026 Feb 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOpti...Show more The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-1336 1Imagerecycle 1Imagerecycle Pdf & Image Compression Jun 17, 2026 Feb 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimize...Show more The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-1335 1Imagerecycle 1Imagerecycle Pdf & Image Compression Jun 17, 2026 Feb 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableO...Show more The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to disable the image optimization setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less

Previous 1...186187188...468 Next