CWE-352

9,364 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,364)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Jenkins
Products (1): Jira Pipeline Steps
Jun 17, 2026
Jan 26, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Vendors (1): Jenkins
Products (1): Github Pull Request Builder
Jun 17, 2026
Jan 26, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Vendors (1): Jenkins
Products (1): Orka By Macstadium
Jun 17, 2026
Jan 26, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Vendors (1): Jenkins
Products (1): Bitbucket Oauth
Jun 17, 2026
Jan 26, 2023
N/A· v4
5.7 MEDIUM· v3
N/A· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
Vendors (1): Jenkins
Products (1): Gerrit Trigger
Jun 17, 2026
Jan 26, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
Vendors (1): Edgenexus
Products (1): Application Delivery Controller
Jun 17, 2026
Jan 23, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.
Vendors (1): Imageseo
Products (1): Optimize Images Alt Text (alt Tag) & Names For Seo Using Ai
Jun 17, 2026
Jan 23, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Vendors (1): Modoboa
Products (1): Modoboa
Jun 17, 2026
Jan 23, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
Vendors (1): Modoboa
Products (1): Modoboa
Jun 17, 2026
Jan 19, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
Vendors (1): Warfareplugins
Products (1): Social Warfare
Jun 17, 2026
Jan 19, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Vendors (1): Modoboa
Products (1): Modoboa
Jun 17, 2026
Jan 19, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
Vendors (1): Kunalnagar
Products (1): Custom 404 Pro
Jun 17, 2026
Jan 18, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Vendors (1): Sewio
Products (1): Real Time Location System Studio
Jun 17, 2026
Jan 18, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service condition.
Vendors (1): Sewio
Products (1): Real Time Location System Studio
Jun 17, 2026
Jan 18, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition.
Vendors (1): Panasonic
Products (5): Vcc Hd2100p Firmware, Vcc Hd3100p Firmware, Vcc Hd3300 Firmware, +2 more
Jun 17, 2026
Jan 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.
Vendors (1): Ate Mahoroba
Products (3): Maho Pbx Netdevancer Firmware, Maho Pbx Netdevancer Mobilegate Firmware, Maho Pbx Netdevancer Vsg Firmware
Jun 17, 2026
Jan 17, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in.
Vendors (1): Hyumika
Products (1): Openstreetmap
Jun 17, 2026
Jan 17, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions.
Vendors (1): Apache
Products (1): Superset
Jun 17, 2026
Jan 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Vendors (1): Tiki
Products (1): Tiki
Jun 17, 2026
Jan 14, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
Vendors (1): Frenify
Products (1): Mediamatic
Jun 17, 2026
Jan 13, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.