CWE-352
9,384 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,384)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for au... | Pluginus | Bear Woocommerce Bulk Editor And Products Manager Professional | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes i... | Pluginus | Bear Woocommerce Bulk Editor And Products Manager Professional | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary co... | | | | | |
| The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes i... | | | | | |
| The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This ma... | | | | | |
| The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_met... | Themeisle | Rss Aggregator By Feedzy | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This... | | | | | |
| The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function.... | Strangerstudios | Paid Memberships Pro | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it poss... | | | | | |
| The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it p... | | | | | |
| The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the b... | Seedprod | Website Builder By Seedprod | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This mak... | Pluginus | Bear Woocommerce Bulk Editor And Products Manager Professional | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it... | Pluginus | Bear Woocommerce Bulk Editor And Products Manager Professional | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination fun... | Pluginus | Bear Woocommerce Bulk Editor And Products Manager Professional | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible fo... | Pluginus | Bear Woocommerce Bulk Editor And Products Manager Professional | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |
| The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possibl... | Pluginus | Bear Woocommerce Bulk Editor And Products Manager Professional | Jun 17, 2026 | Oct 20, 2023 | v4: N/A; v3: 8.8 HIGH; v2: N/A |
| The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call ar... | Home Assistant | Home Assistant Companion | Jun 17, 2026 | Oct 19, 2023 | v4: N/A; v3: 8.8 HIGH; v2: N/A |
| A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user... | Commscope | Ruckus Cloudpath Enrollment System | Jun 17, 2026 | Oct 19, 2023 | v4: N/A; v3: 9.6 CRITICAL; v2: N/A |
| The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user. | | | | | |
| The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php.... | Trustedindex | Widgets For Google Reviews | Jun 17, 2026 | Oct 18, 2023 | v4: N/A; v3: 4.3 MEDIUM; v2: N/A |