CWE-352
9,384 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,384)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions. |
1Zixn 1Original Texts Yandex Webmaster Jun 17, 2026 Nov 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions. |
1Nazmulhossainnihal 1Login Screen Manager Jun 17, 2026 Nov 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions. |
1I13websolution 1Video Carousel Slider With Lightbox Jun 17, 2026 Nov 3, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_...Show more |
1Ibm 2Cics Tx Txseries For MultiplatformsJun 17, 2026 Nov 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions trans...Show more |
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. |
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. |
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. |
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. |
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced...Show more |
Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file. |
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue. |
1I13websolution 1Thumbnail Slider With Lightbox Jun 17, 2026 Oct 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possibl...Show more |
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). |
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). |
1Sielco 15Analog Fm Transmitter Exc1000gt Firmware Analog Fm Transmitter Exc1000gx FirmwareAnalog Fm Transmitter Exc100gt Firmware+12 moreJun 17, 2026 Oct 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative...Show more |
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions. |