CWE-352

9,375 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.


CVEs (9,375)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS
Vendors (1): Wpvar | Products (1): Wp Shamsi | Updated: Jun 17, 2026 | Published: Mar 27, 2023 | CVSS: N/A (v4), 6.5 MEDIUM (v3), N/A (v2)
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which let a user with a role as low as subscriber delete attachments.
Vendors (1): Wordpress Ping Optimizer Project | Products (1): Wordpress Ping Optimizer | Updated: Jun 17, 2026 | Published: Mar 27, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions.
Vendors (1): Moodle | Products (1): Moodle | Updated: Jun 17, 2026 | Published: Mar 23, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Vendors (1): Cisco | Products (1): Sd Wan | Updated: Jun 17, 2026 | Published: Mar 23, 2023 | CVSS: N/A (v4), 8.1 HIGH (v3), N/A (v2)
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.
Vendors (1): Opennms | Products (2): Horizon, Meridian | Updated: Jun 17, 2026 | Published: Mar 22, 2023 | CVSS: N/A (v4), 6.7 MEDIUM (v3), N/A (v2)
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
Vendors (1): Dash10 | Products (1): Oauth Server | Updated: Jun 17, 2026 | Published: Mar 20, 2023 | CVSS: N/A (v4), 4.3 MEDIUM (v3), N/A (v2)
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client.
Vendors (1): Admin Log Project | Products (1): Admin Log | Updated: Jun 17, 2026 | Published: Mar 20, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
Vendors (1): Superior Faq Project | Products (1): Superior Faq | Updated: Jun 17, 2026 | Published: Mar 20, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions.
1Online Exam Software \
1 Eexamhall Project
Updated: Jun 17, 2026 | Published: Mar 20, 2023 | CVSS: N/A (v4), 6.5 MEDIUM (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions.
Vendors (1): Universal Star Rating Project | Products (1): Universal Star Rating | Updated: Jun 17, 2026 | Published: Mar 17, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal Star Rating plugin <= 2.1.0 version.
Vendors (1): Obox | Products (1): Launchpad Coming Soon & Maintenance Mode Plugin | Updated: Jun 17, 2026 | Published: Mar 17, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchpad – Coming Soon & Maintenance Mode plugin <= 1.0.13 versions.
Vendors (1): Rapidload | Products (1): Rapidload Power Up For Autoptimize | Updated: Jun 17, 2026 | Published: Mar 17, 2023 | CVSS: N/A (v4), 6.3 MEDIUM (v3), N/A (v2)
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache, among others.
Vendors (1): Social Login Wp Project | Products (1): Social Login Wp | Updated: Jun 17, 2026 | Published: Mar 16, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions.
Vendors (1): Cozmoslabs | Products (1): Client Portal | Updated: Jun 17, 2026 | Published: Mar 15, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions.
Vendors (1): Plainware | Products (1): Locatoraid | Updated: Jun 17, 2026 | Published: Mar 15, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions.
Vendors (1): Rextheme | Products (1): Wp Vr | Updated: Jun 17, 2026 | Published: Mar 15, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions.
Vendors (1): My Calendar Project | Products (1): My Calendar | Updated: Jun 17, 2026 | Published: Mar 15, 2023 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.
Vendors (1): Jizhicms | Products (1): Jizhicms | Updated: Jun 17, 2026 | Published: Mar 15, 2023 | CVSS: N/A (v4), 6.5 MEDIUM (v3), N/A (v2)
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
Vendors (1): Microsoft | Products (1): Dynamics 365 | Updated: Jun 17, 2026 | Published: Mar 14, 2023 | CVSS: N/A (v4), 5.4 MEDIUM (v3), N/A (v2)
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Vendors (2): Online Food Ordering System Project, Oretnom23 | Products (2): Online Food Ordering System, Online Food Ordering System | Updated: Jun 17, 2026 | Published: Mar 14, 2023 | CVSS: N/A (v4), 6.5 MEDIUM (v3), N/A (v2)
A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.