← Back
CWE-352

9,384 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,384)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Daxiawp
1Dx Auto Save Images
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in 大侠wp DX-auto-save-images plugin <= 1.4.0 versions.
1Webtechforce
1Simple Org Chart
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
1Dipakgajjar
1Wp Super Minify
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.
1Makestories
1Makestories (for Google Web Stories)
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.
1Boldgrid
1Post And Page Builder
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.
1Sumo
1Social Share Boost
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions.
1Royal Elementor Addons
1Royal Elementor Addons
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
1Toolstack
1Schedule Posts Calendar
Jun 17, 2026
Oct 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.
1Smackcoders
1Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv
Nov 21, 2024
Oct 5, 2023
N/A· v4
8.8 HIGH· v3
5.0 MEDIUM· v2
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initia...Show more
A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.Show less
1Multidots
1Dynamic Pricing And Discount Rules For Woocommerce
Jun 17, 2026
Oct 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions.
1Multidots
1Enhanced Ecommerce Google Analytics For Woocommerce
Jun 17, 2026
Oct 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions.
1Yasglobal
1Make Paths Relative
Jun 17, 2026
Oct 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0.
1Chetangole
1Wp Copyprotect [protect Your Blog Posts]
Jun 17, 2026
Oct 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.
1Wp Copyprotect Project
1Wp Copyprotect
Jun 17, 2026
Oct 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.
1Cagewebdev
1Optimize Database After Deleting Revisions
Jun 17, 2026
Oct 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions.
1Saphali
1Woocommerce
Jun 17, 2026
Oct 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.
1Iwebss
1Update Theme And Plugins From Zip File
Jun 17, 2026
Oct 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions.
1Plainviewplugins
1Mycryptocheckout
Jun 17, 2026
Oct 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.
1Buildfail
1Localize Remote Images
Jun 17, 2026
Oct 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.
1Emarketdesign
1Youtube Video Gallery
Jun 17, 2026
Oct 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.