← Back
CWE-352

9,384 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,384)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Easy Appointments
1Easy Appointments
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.
1Faboba
1Falang
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.
1Woocommerce
1Shipping Multiple Addresses
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
1Woocommerce
1Automatewoo
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
1Woocommerce
1Woocommerce Order Barcodes
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
1Etoilewebdesign
1Front End Users
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.
1Hasthemes
1Woolentor Woocommerce Elementor Addons + Builder
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.
1Wpexperts
1Post Smtp
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an...Show more
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).Show less
1Woocommerce
1Brands
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
1Wpexperts
1Mycred
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
1Really Simple Plugins
1Recipe Maker For Your Food Blog From Zip Recipes
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.
1Wpexperts
1Wp Pdf Generator
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.
1Ultimatemember
1Ultimate Member
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
1Inactive User Deleter Project
1Inactive User Deleter
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.
1Wp Reroute Email Project
1Wp Reroute Email
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.
1Premmerce
1Premmerce
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions.
1Awplife
1Album Gallery
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.
1Vibethemes
1Vslider
Jun 17, 2026
Jul 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.
1Pnp4nagios
1Pnp4nagios
Jun 17, 2026
Jul 15, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.
1Archerirm
1Archer
Jun 17, 2026
Jul 14, 2023
N/A· v4
8.0 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.