CWE-352
9,366 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,366)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | | | | | | PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this d... |
| | | | | | | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions. |
| | | | | | | Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optimized WP plugin <= 3.0.4 versions. |
| | | | | | | Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions. |
| | | | | | | Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions. |
| | | | | | | Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions. |
| | Voidcoders | Void Contact Form 7 Widget For Elementor Page Builder | Jun 17, 2026 | Mar 13, 2023 | N/A (v4), 8.8 HIGH (v3), N/A (v2) | Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions. |
| | Rapidload | Power Up For Autoptimize, Rapidload Power Up For Autoptimize | Jun 17, 2026 | Mar 10, 2023 | N/A (v4), 4.3 MEDIUM (v3), N/A (v2) | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cach... |
| | Rapidload | Power Up For Autoptimize, Rapidload Power Up For Autoptimize | Jun 17, 2026 | Mar 10, 2023 | N/A (v4), 4.3 MEDIUM (v3), N/A (v2) | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts fun... |
| | Rapidload | Power Up For Autoptimize, Rapidload Power Up For Autoptimize | Jun 17, 2026 | Mar 10, 2023 | N/A (v4), 4.3 MEDIUM (v3), N/A (v2) | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_ru... |
| | Rapidload | Power Up For Autoptimize, Rapidload Power Up For Autoptimize | Jun 17, 2026 | Mar 10, 2023 | N/A (v4), 4.3 MEDIUM (v3), N/A (v2) | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule fun... |
| | Rapidload | Power Up For Autoptimize, Rapidload Power Up For Autoptimize | Jun 17, 2026 | Mar 10, 2023 | N/A (v4), 4.3 MEDIUM (v3), N/A (v2) | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect fu... |
| | Rapidload | Power Up For Autoptimize, Rapidload Power Up For Autoptimize | Jun 17, 2026 | Mar 10, 2023 | N/A (v4), 4.3 MEDIUM (v3), N/A (v2) | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate... |
| | Rapidload | Power Up For Autoptimize, Rapidload Power Up For Autoptimize | Jun 17, 2026 | Mar 10, 2023 | N/A (v4), 4.3 MEDIUM (v3), N/A (v2) | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_log... |
| | | | | | | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. |
| | | | | | | NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A... |
| | | | | | | The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it poss... |
| | | | | | | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import... |
| | | | | | | The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. Thi... |
| | | | | | | A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. |