CWE-352

9,384 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.


CVEs (9,384)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1 Josie
1 Auto Excerpt Everywhere
Jun 17, 2026
Nov 6, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions.
1 Zixn
1 Original Texts Yandex Webmaster
Jun 17, 2026
Nov 6, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions.
1 Nazmulhossainnihal
1 Login Screen Manager
Jun 17, 2026
Nov 6, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions.
1 I13websolution
1 Video Carousel Slider With Lightbox
Jun 17, 2026
Nov 3, 2023
N/A · v4
5.4 MEDIUM · v3
N/A · v2
The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
1 Ibm
2 Cics Tx, Txseries For Multiplatforms
Jun 17, 2026
Nov 3, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.
1 Pkp
1 Pkp Web Application Library
Jun 17, 2026
Nov 1, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
1 Pkp
1 Pkp Web Application Library
Jun 17, 2026
Nov 1, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
1 Sfu
1 Customlocale
Jun 17, 2026
Nov 1, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.
1 Sfu
1 Pkp Web Application Library
Jun 17, 2026
Nov 1, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
1 Clickstudios
1 Passwordstate
Jun 17, 2026
Oct 31, 2023
N/A · v4
3.5 LOW · v3
N/A · v2
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.
1 Metagauss
1 Eventprime
Jun 17, 2026
Oct 31, 2023
N/A · v4
4.3 MEDIUM · v3
N/A · v2
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
1 Metagauss
1 Eventprime
Jun 17, 2026
Oct 31, 2023
N/A · v4
4.3 MEDIUM · v3
N/A · v2
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
1 Frigate
1 Frigate
Jun 17, 2026
Oct 30, 2023
N/A · v4
6.8 MEDIUM · v3
N/A · v2
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.
1 Mnbvcxz131421
1 Douhaocms
Jun 17, 2026
Oct 30, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file.
1 Basercms
1 Basercms
Jun 17, 2026
Oct 30, 2023
N/A · v4
9.8 CRITICAL · v3
N/A · v2
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.
1 I13websolution
1 Thumbnail Slider With Lightbox
Jun 17, 2026
Oct 27, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
1 Zentao
1 Biz
Jun 17, 2026
Oct 27, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).
1 Macwk
1 Icecms
Jun 17, 2026
Oct 27, 2023
N/A · v4
6.5 MEDIUM · v3
N/A · v2
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
1 Sielco
15 Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx Firmware, Analog Fm Transmitter Exc100gt Firmware, +12 more
Jun 17, 2026
Oct 26, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
1 Wpknowledgebase
1 Wp Knowledgebase
Jun 17, 2026
Oct 26, 2023
N/A · v4
8.8 HIGH · v3
N/A · v2
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions.