Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,356)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-1907 1Frenify 1Categorify Jun 17, 2026 Feb 27, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory func...Show more The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-1906 1Frenify 1Categorify Jun 17, 2026 Feb 27, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory functio...Show more The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-7203 1Rednao 1Smart Forms Jun 17, 2026 Feb 27, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting...Show more The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.Show less
CVE-2023-7202 1Verygoodplugins 1Fatal Error Notify Jun 17, 2026 Feb 27, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email add...Show more The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRFShow less
CVE-2023-36237 1Webkul 1Bagisto Jun 17, 2026 Feb 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script.
CVE-2024-1889 1Sma 2Clcon 10 Firmware Clcon S 10 Firmware Jun 17, 2026 Feb 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these...Show more Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device.Show less
CVE-2023-32344 2Ibm Netapp 2Cognos Analytics Oncommand Insight Jun 17, 2026 Feb 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898.
CVE-2024-1362 1Extendthemes 1Colibri Page Builder Jun 17, 2026 Feb 23, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh()...Show more The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-1361 1Extendthemes 1Colibri Page Builder Jun 17, 2026 Feb 23, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. Thi...Show more The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-1360 1Colibriwp 1Colibri Jun 17, 2026 Feb 23, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function...Show more The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-1777 1Zestard 1Admin Side Data Storage For Contact Form 7 Jun 17, 2026 Feb 23, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the set...Show more The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-26445 1Flusity 1Flusity Jun 17, 2026 Feb 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php
CVE-2024-26352 1Flusity 1Flusity Jun 17, 2026 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php
CVE-2024-26351 1Flusity 1Flusity Jun 17, 2026 Feb 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php
CVE-2024-26350 1Flusity 1Flusity Jun 17, 2026 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php
CVE-2024-26349 1Flusity 1Flusity Jun 17, 2026 Feb 22, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php
CVE-2024-23094 1Flusity 1Flusity Jun 17, 2026 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php
CVE-2024-24837 - - Jun 17, 2026 Feb 21, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooComme...Show more Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.Show less
CVE-2024-24802 1Jtrt Responsive Tables Project 1Jtrt Responsive Tables Jun 17, 2026 Feb 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables.This issue affects JTRT Responsive Tables: from n/a through 4.1.9.
CVE-2024-24798 1Soninow 1Debug Jun 17, 2026 Feb 21, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10.

Previous 1...189190191...468 Next