Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,364)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-43470 1Fsi 4Fs020w Firmware Fs030w FirmwareFs040u Firmware+1 more Jun 17, 2026 Dec 5, 2022 N/A· v4 7.3 HIGH· v3 N/A· v2 Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software ve...Show more Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.Show less
CVE-2022-35730 1Oceanwp 1Sticky Header Jun 17, 2026 Dec 4, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.
CVE-2022-4220 1Kibokolabs 1Chained Quiz Jun 17, 2026 Dec 2, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possibl...Show more The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-4219 1Kibokolabs 1Chained Quiz Jun 17, 2026 Dec 2, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for un...Show more The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-4218 1Kibokolabs 1Chained Quiz Jun 17, 2026 Dec 2, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible...Show more The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-45668 1Tenda 1I22 Firmware Jun 17, 2026 Dec 2, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVE-2022-45667 1Tenda 1I22 Firmware Jun 17, 2026 Dec 2, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
CVE-2022-45674 1Tenda 1Ac6 Firmware Jun 17, 2026 Dec 2, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVE-2022-45673 1Tenda 1Ac6 Firmware Jun 17, 2026 Dec 2, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
CVE-2022-41297 1Ibm 3Db2 On Cloud Pak For Data Db2 Warehouse On Cloud Pak For DataDb2u Jun 17, 2026 Dec 1, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212...Show more IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.Show less
CVE-2022-40489 1Thinkcmf 1Thinkcmf Jun 17, 2026 Dec 1, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.
CVE-2022-26366 1Adrotate Banner Manager Project 1Adrotate Banner Manager Jun 17, 2026 Nov 30, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress.
CVE-2022-41413 1Perfsonar 1Perfsonar Jun 17, 2026 Nov 30, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
CVE-2022-3898 1Tipsandtricks Hq 1Wp Affiliate Platform Jun 17, 2026 Nov 29, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the...Show more The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliates_menu method. This makes it possible for unauthenticated attackers to delete affiliate records, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-3747 1Muffingroup 1Becustom Jun 17, 2026 Nov 29, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible f...Show more The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like betheme_url_slug, replaced_theme_author, and betheme_label to name a few, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-44937 1Bosscms 1Bosscms Jun 17, 2026 Nov 28, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.
CVE-2022-34654 1Freeamigos 1Manage Notification E Mails Jun 17, 2026 Nov 28, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) in Virgial Berveling's Manage Notification E-mails plugin <= 1.8.2 on WordPress.
CVE-2022-23044 1Prasathmani 1Tiny File Manager Jun 17, 2026 Nov 25, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF.
CVE-2022-4090 1Stock Management System Project 1Stock Management System Jun 17, 2026 Nov 24, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request fo...Show more A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331.Show less
CVE-2021-29334 1Jizhicms 1Jizhicms Jun 17, 2026 Nov 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html

Previous 1...266267268...469 Next