Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49379 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
CVE-2023-49378 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
CVE-2023-49377 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
CVE-2023-49376 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
CVE-2023-49375 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
CVE-2023-49374 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
CVE-2023-49373 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
CVE-2023-49372 1Jfinalcms Project 1Jfinalcms Jun 17, 2026 Dec 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
CVE-2023-24048 1Connectize 1Ac21000 G6 Firmware Jun 17, 2026 Dec 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm.
CVE-2023-5990 1Funnelforms 1Funnelforms Free Jun 17, 2026 Dec 4, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow att...Show more The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacksShow less
CVE-2023-5979 1Implecode 1Ecommerce Product Catalog Jun 17, 2026 Dec 4, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks,...Show more The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all productsShow less
CVE-2023-5884 1Back2nature 1Word Balloon Jun 17, 2026 Dec 4, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.
CVE-2023-6474 1Phpgurukul 1Nipah Virus Testing Management System Jun 17, 2026 Dec 3, 2023 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the a...Show more A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246640.Show less
CVE-2023-38268 1Ibm 1Infosphere Information Server Jun 17, 2026 Dec 1, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force...Show more IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.Show less
CVE-2023-47870 1Gvectors 1Wpforo Forum Jun 17, 2026 Nov 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced al...Show more Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.Show less
CVE-2023-48278 1Nitinrathod 1Wp Forms Puzzle Captcha Jun 17, 2026 Nov 30, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.
CVE-2023-47875 1Perfmatters 1Perfmatters Jun 17, 2026 Nov 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.
CVE-2023-5803 1Businessdirectoryplugin 1Business Directory Jun 17, 2026 Nov 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin...Show more Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10.Show less
CVE-2023-48754 1Wapnepal 1Delete Post Revisions Jun 17, 2026 Nov 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.
CVE-2023-48328 1Imagely 1Nextgen Gallery Jun 17, 2026 Nov 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37...Show more Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.Show less

Previous 1...203204205...468 Next