CWE-352
9,364 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,364)
| CVE | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. It has been declared as problematic. This vulnerability affects unknown code of the component Form Handler. The manipulation leads to cross-site reques... | Dolibarr Project Timesheet Project | Dolibarr Project Timesheet | Jun 17, 2026 | Dec 27, 2022 | N/A · v4, 6.5 MEDIUM · v3, N/A · v2 |
| A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. I... | Moodle Block Sitenews Project | Moodle Block Sitenews | Jun 17, 2026 | Dec 27, 2022 | N/A · v4, 6.5 MEDIUM · v3, N/A · v2 |
| The console in Togglz before 2.9.4 allows CSRF. | | | | | |
| A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts. | | | | | |
| A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may... | | | | | |
| Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4. | | | | | |
| A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack r... | Pyambic Pentameter Project | Pyambic Pentameter | Jun 17, 2026 | Dec 21, 2022 | N/A · v4, 8.8 HIGH · v3, N/A · v2 |
| A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The mani... | Auto Upload Images Project | Auto Upload Images | Jun 17, 2026 | Dec 21, 2022 | N/A · v4, 8.8 HIGH · v3, N/A · v2 |
| A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack rem... | | | | | |
| A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack ca... | | | | | |
| A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The na... | | | | | |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to c... | Popup Manager Project | Popup Manager | Jun 17, 2026 | Dec 19, 2022 | N/A · v4, 4.3 MEDIUM · v3, N/A · v2 |
| The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them. | Popup Manager Project | Popup Manager | Jun 17, 2026 | Dec 19, 2022 | N/A · v4, 4.3 MEDIUM · v3, N/A · v2 |
| The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their p... | | | | | |
| A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to... | Wp English Wp Admin Project | Wp English Wp Admin | Jun 17, 2026 | Dec 18, 2022 | N/A · v4, 8.8 HIGH · v3, N/A · v2 |
| A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Control... | | | | | |
| The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This... | | | | | |
| Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection. | Helmet Store Showroom Project | Helmet Store Showroom | Jun 17, 2026 | Dec 14, 2022 | N/A · v4, 8.8 HIGH · v3, N/A · v2 |
| Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | Gym Management System Project | Gym Management System | Jun 17, 2026 | Dec 13, 2022 | N/A · v4, 4.5 MEDIUM · v3, N/A · v2 |
| AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | | | | | |