← Back
CWE-352

9,364 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,364)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Wickedplugins
1Wicked Folders
Jun 17, 2026
Feb 8, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. T...Show more
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin..Show less
1Wallabag
1Wallabag
Jun 17, 2026
Feb 7, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.
1Wickedplugins
1Wicked Folders
Jun 17, 2026
Feb 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function....Show more
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.Show less
1Wickedplugins
1Wicked Folders
Jun 17, 2026
Feb 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This...Show more
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.Show less
1Wickedplugins
1Wicked Folders
Jun 17, 2026
Feb 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This m...Show more
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.Show less
1Wickedplugins
1Wicked Folders
Jun 17, 2026
Feb 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This m...Show more
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.Show less
10mk Shortener Project
10mk Shortener
Jun 17, 2026
Feb 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This mak...Show more
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
1Wzone Project
1Wzone
Jun 17, 2026
Feb 6, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions.
1Xuxueli
1Xxl Job
Jun 17, 2026
Feb 4, 2023
N/A· v4
6.5 MEDIUM· v3
5.0 MEDIUM· v2
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulat...Show more
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.Show less
1Modern Honey Network Project
1Modern Honey Network
Jun 17, 2026
Feb 3, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API.
1Thedaylightstudio
1Fuel Cms
Jun 17, 2026
Feb 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2---.
1Thedaylightstudio
1Fuel Cms
Jun 17, 2026
Feb 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2.
1Txjia
1Imcat
Jun 17, 2026
Feb 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws one time token generation on the add administrator page.
1Txjia
1Imcat
Jun 17, 2026
Feb 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification.
1Creativeitem
1Academy Lms
Jun 17, 2026
Feb 3, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
1Creativeitem
1Academy Lms
Jun 17, 2026
Feb 3, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
1Creativeitem
1Academy Lms
Jun 17, 2026
Feb 3, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
1Wiselyhub
1Js Help Desk
Jun 17, 2026
Feb 2, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.
1Wptrio
1Conditional Shipping For Woocommerce
Jun 17, 2026
Feb 2, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.
1Wpvibes
1Wp Mail Log
Jun 17, 2026
Feb 2, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions.