CWE-352

9,364 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.


CVEs (9,364)

Vendors: Agilelogix • Products: Store Locator • Updated: Jun 17, 2026 • Published: Nov 18, 2022
CVSS: v4 N/A • v3 6.1 MEDIUM • v2 N/A
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.

Vendors: Clogica • Products: Seo Redirection • Updated: Jun 17, 2026 • Published: Nov 18, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress.

Vendors: Booster • Products: Booster For Woocommerce • Updated: Jun 17, 2026 • Published: Nov 18, 2022
CVSS: v4 N/A • v3 4.3 MEDIUM • v2 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress.

Vendors: Constantcontact • Products: Creative Mail • Updated: Jun 17, 2026 • Published: Nov 18, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.

Vendors: Constantcontact • Products: Creative Mail • Updated: Jun 17, 2026 • Published: Nov 18, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.

Vendors: Webartesanal • Products: Mantenimiento Web • Updated: Jun 17, 2026 • Published: Nov 18, 2022
CVSS: v4 N/A • v3 6.1 MEDIUM • v2 N/A
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress.

Vendors: Gvectors • Products: Wpforo Forum • Updated: Jun 17, 2026 • Published: Nov 17, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.

Vendors: Wpml • Products: Wpml • Updated: Jun 17, 2026 • Published: Nov 17, 2022
CVSS: v4 N/A • v3 4.3 MEDIUM • v2 N/A
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.

Vendors: Wpml • Products: Wpml • Updated: Jun 17, 2026 • Published: Nov 17, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.

Vendors: Duofoxtechnologies • Products: Duofox Cms • Updated: Jun 17, 2026 • Published: Nov 17, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
Doufox 0.0.4 contains a CSRF vulnerability that can add a system administrator account.

Vendors: Permalink Manager Lite Project • Products: Permalink Manager Lite • Updated: Jun 17, 2026 • Published: Nov 16, 2022
CVSS: v4 N/A • v3 4.3 MEDIUM • v2 N/A
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors: Feehi • Products: Feehicms • Updated: Jun 17, 2026 • Published: Nov 16, 2022
CVSS: v4 N/A • v3 4.3 MEDIUM • v2 N/A
A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788.

Vendors: Hospital Management Center Project • Products: Hospital Management Center • Updated: Jun 17, 2026 • Published: Nov 16, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787.

Vendors: Jenkins • Products: Cluster Statistics • Updated: Jun 17, 2026 • Published: Nov 15, 2022
CVSS: v4 N/A • v3 4.3 MEDIUM • v2 N/A
A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.

Vendors: Jenkins • Products: Delete Log • Updated: Jun 17, 2026 • Published: Nov 15, 2022
CVSS: v4 N/A • v3 3.5 LOW • v2 N/A
A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.

Vendors: Follow Me Plugin Project • Products: Follow Me Plugin • Updated: Jun 17, 2026 • Published: Nov 15, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors: Konker • Products: Konker Platform • Updated: Jun 17, 2026 • Published: Nov 15, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
Konker v2.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF).

Vendors: Eyoucms • Products: Eyoucms • Updated: Jun 17, 2026 • Published: Nov 14, 2022
CVSS: v4 N/A • v3 6.5 MEDIUM • v2 N/A
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information.

Vendors: Eyoucms • Products: Eyoucms • Updated: Jun 17, 2026 • Published: Nov 14, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.

Vendors: Eyoucms • Products: Eyoucms • Updated: Jun 17, 2026 • Published: Nov 14, 2022
CVSS: v4 N/A • v3 8.8 HIGH • v2 N/A
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.