CWE-352
9,384 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,384)
| Vendors | Products | Updated | Published | CVSS | CVE description |
|---|---|---|---|---|---|
| | | | | | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. |
| | | | | | The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the... |
| | | | | | StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352) |
| Selinc | Sel 5037 Sel Grid Configurator | Jun 17, 2026 | Aug 31, 2023 | N/A · v4; 6.5 MEDIUM · v3; N/A · v2 | A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device op... |
| Rednao | Woocommerce Pdf Invoice Builder | Jun 17, 2026 | Aug 31, 2023 | N/A · v4; 4.3 MEDIUM · v3; N/A · v2 | The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible... |
| | | | | | The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This m... |
| Rednao | Woocommerce Pdf Invoice Builder | Jun 17, 2026 | Aug 31, 2023 | N/A · v4; 4.3 MEDIUM · v3; N/A · v2 | The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. Th... |
| Sureshchand | Chp Ads Block Detector | Jun 17, 2026 | Aug 31, 2023 | N/A · v4; 4.3 MEDIUM · v3; N/A · v2 | The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd_action function. Th... |
| | | | | | The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. Th... |
| | | | | | The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lea... |
| | | | | | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force... |
| | | | | | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a u... |
| | | | | | A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m... |
| | | | | | Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. |
| | | | | | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. |
| | | | | | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. |
| | | | | | Social media skeleton is an uncompleted/framework social media project implemented using a php, css, javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker trick... |
| Pluginus | Wolf Wordpress Posts Bulk Editor And Products Manager Professional | Jun 17, 2026 | Aug 18, 2023 | N/A · v4; 6.1 MEDIUM · v3; N/A · v2 | Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. |
| Cisco | 23 products: Ip Conference Phone 7832 With Multiplatform Firmware; Ip Conference Phone 8831 With Multiplatform Firmware; Ip Conference Phone 8832 With Multiplatform Firmware; +20 more | Jun 17, 2026 | Aug 16, 2023 | N/A · v4; 6.5 MEDIUM · v3; N/A · v2 | A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSR... |
| | | | | | A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. |