Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,363)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-3632 1Digitialpixies 1Oauth Client Jun 17, 2026 Nov 14, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.
CVE-2022-3538 1Webmaster Tools Verification Project 1Webmaster Tools Verification Jun 17, 2026 Nov 14, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins
CVE-2022-2449 1Resmush.it 1Resmush.it Image Optimizer Jun 17, 2026 Nov 14, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various a...Show more The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.Show less
CVE-2022-3978 1Nodebb 1Nodebb Jun 17, 2026 Nov 13, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to ini...Show more A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555.Show less
CVE-2022-45130 1Plesk 1Obsidian Jun 17, 2026 Nov 10, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and t...Show more Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers.Show less
CVE-2022-43031 1Dedecms 1Dedecms Jun 17, 2026 Nov 9, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
CVE-2022-43488 1Algolplus 1Advanced Dynamic Pricing For Woocommerce Jun 17, 2026 Nov 9, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.
CVE-2022-44741 1Slidervilla 1Testimonial Slider Jun 17, 2026 Nov 8, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.
CVE-2022-43491 1Algolplus 1Advanced Dynamic Pricing For Woocommerce Jun 17, 2026 Nov 8, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.
CVE-2022-43481 1Rymera 1Advanced Coupons Jun 17, 2026 Nov 8, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.
CVE-2022-41136 1Getshortcodes 1Shortcodes Ultimate Jun 17, 2026 Nov 8, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.
CVE-2022-40632 1Gvectors 1Wpforo Forum Jun 17, 2026 Nov 8, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
CVE-2022-40128 1Algolplus 1Advanced Order Export For Woocommerce Jun 17, 2026 Nov 8, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Export For WooCommerce plugin <= 3.3.2 on WordPress leading to export file download.
CVE-2022-38137 1Analytify 1Analytify Google Analytics Dashboard Jun 17, 2026 Nov 8, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress.
CVE-2022-32587 1Codeandmore 1Wp Page Widget Jun 17, 2026 Nov 8, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.
CVE-2022-27855 1Fatcatapps 1Analytics Cat Jun 17, 2026 Nov 8, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change.
CVE-2022-30694 1Siemens 1136ag1151 8ab01 7ab0 Firmware 6ag1151 8fb01 2ab0 Firmware6ag1314 6eh04 7ab0 Firmware+110 more Jun 17, 2026 Nov 8, 2022 N/A· v4 3.5 LOW· v3 N/A· v2 The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forge...Show more The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.Show less
CVE-2022-3537 1Addify 1Role Based Pricing For Woocommerce Jun 17, 2026 Nov 7, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upl...Show more The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHPShow less
CVE-2022-3536 1Addify 1Role Based Pricing For Woocommerce Jun 17, 2026 Nov 7, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subsc...Show more The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, and a suitable gadget chain is present on the blogShow less
CVE-2022-3489 1Weberge 1Wp Hide Jun 17, 2026 Nov 7, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request

Previous 1...269270271...469 Next