CWE-352
9,364 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,364)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. |
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. |
1Royal Elementor Addons 1Royal Elementor Addons Jun 17, 2026 Jan 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX fu... |
1Royal Elementor Addons 1Royal Elementor Addons Jun 17, 2026 Jan 9, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated... |
1Royal Elementor Addons 1Royal Elementor Addons Jun 17, 2026 Jan 9, 2023 N/A· v4 3.1 LOW· v3 N/A· v2 The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authentic... |
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they clic... |
1Swifty Page Manager Project 1Swifty Page Manager Jun 17, 2026 Jan 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page... |
1Crocoblock 1Jetwidgets For Elementor Jun 17, 2026 Jan 5, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possib... |
A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery.... |
CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execu... |
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to ex... |
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any... |
A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forg... |
Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. |
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. |
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests. |