← Back
CWE-352

9,384 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,384)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Joakimling
1Remove Slug From Custom Post Type
Jun 17, 2026
Oct 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions.
1Moriyan Jay
1Wp Site Protector
Jun 17, 2026
Oct 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.
1Devnath Verma
1Wp Captcha
Jun 17, 2026
Oct 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions.
1Rebing
1Woocommerce Esto
Jun 17, 2026
Oct 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions.
1Nxsn
1Wp Hide Pages
Jun 17, 2026
Oct 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions.
1Nickduncan
1Contact Form
Jun 17, 2026
Oct 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.
13ds
1Teamwork Cloud No Magic Release
Jun 17, 2026
Oct 9, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically craf...Show more
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.Show less
1Mediawiki
1Mediawiki
Jun 17, 2026
Oct 9, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManag...Show more
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.Show less
1Dylanblokhuis
1Instant Css
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions.
1Fooplugins
1Foogallery
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.
1Checkfront
1Checkfront Online Booking System
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions.
1Laposta
1Laposta Signup Basic
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions.
1Strategy11
1Awp Classifieds
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.
1Dwbooster
1Cp Blocks
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.
1Bdwm
1Responsive Gallery Grid
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.
2Heigl
Heiglandreas
2Authldap
Authldap
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions.
1Remove/hide Author, Date, Category Like Entry Meta Project
1Remove/hide Author, Date, Category Like Entry Meta
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.
1Cluevo
1Learning Management System
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.
1Fugu
1Maintenance Switch
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.
1Webtechforce
1Simple Org Chart
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.