← Back
CWE-352

9,383 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,383)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Issabel
1Pbx
Jun 17, 2026
Jul 11, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.
1Issabel
1Pbx
Jun 17, 2026
Jul 11, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.
1Rockwellautomation
1Enhanced Him
Jun 17, 2026
Jul 11, 2023
N/A· v4
9.6 CRITICAL· v3
N/A· v2
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerabl...Show more
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products. Show less
1Vibethemes
1Wordpress Learning Management System
Jun 17, 2026
Jul 11, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
1Wepupil
1Quiz Expert Easy Quiz Maker, Exam And Test Manager
Jun 17, 2026
Jul 11, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions.
1Template Debugger Project
1Template Debugger
Jun 17, 2026
Jul 11, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions.
1Storeapps
1Stock Manager For Woocommerce
Jun 17, 2026
Jul 11, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions.
1Securimage Wp Fixed Project
1Securimage Wp Fixed
Jun 17, 2026
Jul 11, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions.
1Disable Wordpress Update Notifications And Auto Update Email Notifications Project
1Disable Wordpress Update Notifications And Auto Update Email Notifications
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions.
1Target Info
1Mycurator Content Curation
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions.
1Pagup
1Better Robots.txt
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.
1Wow Company
1Button Generator
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.
1Tiggerswelt
1Worthy
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.
1Galleria Project
1Galleria
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions.
1Recent Posts Slider Project
1Recent Posts Slider
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
1Areoi
1All Bootstrap Blocks
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions.
1Wordpress Nextgen Galleryview Project
1Wordpress Nextgen Galleryview
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.
1Web Settler
1Layer Slider
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.
1Dontdream
1Menubar
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions.
1Wpmobilepack
1Wordpress Mobile Pack
Jun 17, 2026
Jul 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.