Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,358)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-52060 1Gestsup 1Gestsup Jun 17, 2026 Feb 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.
CVE-2023-6501 1Cochinoman 1Splashscreen Jun 17, 2026 Feb 12, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2023-6499 1Calenfretts 1Lastunes Jun 17, 2026 Feb 12, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...Show more The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attackShow less
CVE-2024-24935 1Wpsimpletools 1Basic Log Viewer Jun 17, 2026 Feb 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer.This issue affects Basic Log Viewer: from n/a through 1.0.4.
CVE-2024-24929 1Ftwr 1Wp Contact Form Jun 17, 2026 Feb 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form.This issue affects WP Contact Form: from n/a through 1.6.
CVE-2024-24887 1Contest Gallery 1Contest Gallery Jun 17, 2026 Feb 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Ga...Show more Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.Show less
CVE-2024-24884 1Ari Soft 1Contact Form 7 Connector Jun 17, 2026 Feb 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.This issue affects Contact Form 7 Connector: from n/a through 1.2.2.
CVE-2024-24875 1Ylefebvre 1Link Library Jun 17, 2026 Feb 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library.This issue affects Link Library: from n/a through 7.5.13.
CVE-2024-25419 1Flusity 1Flusity Jun 17, 2026 Feb 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.
CVE-2024-25418 1Flusity 1Flusity Jun 17, 2026 Feb 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.
CVE-2024-25417 1Flusity 1Flusity Jun 17, 2026 Feb 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.
CVE-2023-50349 1Hcltech 1Sametime Jun 17, 2026 Feb 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.
CVE-2024-23319 1Mattermost 1Mattermost Server Jun 17, 2026 Feb 9, 2024 N/A· v4 3.5 LOW· v3 N/A· v2 Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.
CVE-2024-24819 1Icinga 1Icingaweb2 Module Incubator Jun 17, 2026 Feb 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection...Show more icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2024-24820 1Icinga 1Icinga Jun 17, 2026 Feb 9, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request for...Show more Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.Show less
CVE-2023-47020 1Ncratleos 1Terminal Handler Jun 17, 2026 Feb 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an adm...Show more Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.Show less
CVE-2024-0511 1Royal Elementor Addons 1Royal Elementor Addons Jun 17, 2026 Feb 8, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_upda...Show more The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-24706 1Forumone 1Wp Cfm Jun 17, 2026 Feb 7, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.
CVE-2024-20255 1Cisco 1Expressway Jun 17, 2026 Feb 7, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an aff...Show more A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.Show less
CVE-2024-20254 1Cisco 1Expressway Jun 17, 2026 Feb 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perfor...Show more Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Show less

Previous 1...191192193...468 Next