← Back
CWE-352

9,386 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,386)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Wpinventory
1Wp Inventory Manager
Jun 17, 2026
Nov 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions.
1Joomsky
1Js Job Manager
Jun 17, 2026
Nov 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.
1Etsy Shop Project
1Etsy Shop
Jun 17, 2026
Nov 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions.
1Nasa
1Openmct
Jun 17, 2026
Nov 9, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.
1Publish To Schedule Project
1Publish To Schedule
Jun 17, 2026
Nov 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions.
1Axios
1Axios
Jun 17, 2026
Nov 8, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensiti...Show more
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.Show less
1Updraftplus
1Updraftplus
Jun 17, 2026
Nov 7, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insuffici...Show more
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information.Show less
1Gara
1Amazonify
Jun 17, 2026
Nov 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. Thi...Show more
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugins settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
1Xwiki
1Xwiki
Jun 17, 2026
Nov 7, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must h...Show more
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for for this vulnerability.Show less
1Crudlab
1Jazz Popups
Jun 17, 2026
Nov 7, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups leads to Stored XSS.This issue affects Jazz Popups: from n/a through 1.8.7.
1Wpexperts
1Email Templates Customizer And Designer
Jun 17, 2026
Nov 7, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Cu...Show more
Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2.Show less
1Imagemapper Project
1Imagemapper
Jun 17, 2026
Nov 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible...Show more
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.Show less
1Imagemapper Project
1Imagemapper
Jun 17, 2026
Nov 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmap_save_area_title' function. Thi...Show more
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmap_save_area_title' function. This makes it possible for unauthenticated attackers to update the post title and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.Show less
1Sfu
1Pkp Web Application Library
Jun 17, 2026
Nov 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
1Sfu
1Pkp Web Application Library
Jun 17, 2026
Nov 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
1Themekraft
1Tk Google Fonts Gdpr Compliant
Jun 17, 2026
Nov 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions.
1Kadencewp
1Kadence Woocommerce Email Designer
Jun 17, 2026
Nov 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.
1Rolandmurg
1Current Menu Item For Custom Post Types
Jun 17, 2026
Nov 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.
1Altersoftware
1Alter
Jun 17, 2026
Nov 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions.
1Easyrecipe Project
1Easyrecipe
Jun 17, 2026
Nov 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions.