← Back
CWE-352

9,383 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,383)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Jenkins
1Lightweight Directory Access Protocol
Jun 17, 2026
May 16, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
1Infigosoftware
1Clock In Portal Staff & Attendance Management
Jun 17, 2026
May 15, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF a...Show more
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attackShow less
1Uni
1Unifi Os
Jun 17, 2026
May 11, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affe...Show more
A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM ProfessionalUDM SEUDRMitigation:Update affected products to UniFi OS 3.0.13 or later.Show less
1Rockwellautomation
1Factorytalk Vantagepoint
Jun 17, 2026
May 11, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the sa...Show more
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product.  Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well. Show less
1Wpmart
1Interactive Svg Image Map Builder
Jun 17, 2026
May 10, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin < 5.6.9 versions.
1Lqd
1Liquid Speech Balloon
Jun 17, 2026
May 10, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by havin...Show more
Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.Show less
1Esri
1Portal For Arcgis
Jun 17, 2026
May 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.
1Verydows
1Verydows
Jun 17, 2026
May 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.
1Enable/disable Auto Login When Register Project
1Enable/disable Auto Login When Register
Jun 17, 2026
May 8, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
1Flycms Project
1Flycms
Jun 17, 2026
May 8, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
1Beescms
1Beescms
Jun 17, 2026
May 8, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.
1Clanscripts Project
1Clanscripts
Jun 17, 2026
May 8, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5.
1Bumsys Project
1Bumsys
Jun 17, 2026
May 5, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.
1Gitlab
1Gitlab
Jun 17, 2026
May 3, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on...Show more
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.Show less
1Peepso
1Peepso
Jun 17, 2026
May 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0 versions.
1Podsfoundation
1Pods
Jun 17, 2026
May 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions.
1Tipsandtricks Hq
1Category Specific Rss Feed Subscription
Jun 17, 2026
May 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions.
1Getrebuild
1Rebuild
Jun 17, 2026
May 2, 2023
N/A· v4
4.3 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploi...Show more
A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability.Show less
1Chshcms
1Mccms
Jun 17, 2026
Apr 28, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).
2Builder
Qwik
2Qwik
Qwik
Jun 17, 2026
Apr 26, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.