CWE-352
9,364 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,364)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs...Show more |
1Jenkins 1Github Pull Request Builder Jun 17, 2026 Jan 26, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtaine...Show more |
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained t...Show more |
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. |
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. |
1Edgenexus 1Application Delivery Controller Jun 17, 2026 Jan 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
1Imageseo 1Optimize Images Alt Text (alt Tag) & Names For Seo Using Ai Jun 17, 2026 Jan 23, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CS...Show more |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. |
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it pos...Show more |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. |
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function....Show more |
1Sewio 1Real Time Location System Studio Jun 17, 2026 Jan 18, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability...Show more |
1Sewio 1Real Time Location System Studio Jun 17, 2026 Jan 18, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability t...Show more |
1Panasonic 5Vcc Hd2100p Firmware Vcc Hd3100p FirmwareVcc Hd3300 Firmware+2 moreJun 17, 2026 Jan 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are
vulnerable to CSRFs that can be exploited to allow an attacker to
perform changes with administrator level privileges.
|
1Ate Mahoroba 3Maho Pbx Netdevancer Firmware Maho Pbx Netdevancer Mobilegate FirmwareMaho Pbx Netdevancer Vsg FirmwareJun 17, 2026 Jan 17, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office pri...Show more |
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions. |
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
|
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. |
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions fu...Show more |