Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,362)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2387 1Awesomemotive 1Easy Digital Downloads Jun 17, 2026 Nov 7, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attacker...Show more The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attackShow less
CVE-2022-38660 1Hcltech 1Domino Jun 17, 2026 Nov 4, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in...Show more HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. Show less
CVE-2022-20961 1Cisco 1Identity Services Engine Jun 17, 2026 Nov 4, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary ac...Show more A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.Show less
CVE-2022-44627 1Coleds 1Simple Seo Jun 17, 2026 Nov 3, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps.
CVE-2022-40131 1A3rev 1Page View Count Jun 17, 2026 Nov 3, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.
CVE-2022-36404 1Coleds 1Simple Seo Jun 17, 2026 Nov 3, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.
CVE-2022-30608 1Ibm 1Infosphere Information Server Jun 17, 2026 Nov 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Forc...Show more "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.Show less
CVE-2022-25952 1Keywordrush 1Content Egg Jun 17, 2026 Nov 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.
CVE-2022-42751 1Auieo 1Candidats Jun 17, 2026 Nov 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account w...Show more CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.Show less
CVE-2022-3852 1Vr Calendar Project 1Vr Calendar Jun 17, 2026 Nov 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible...Show more The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-3776 1Oracle 1Restaurant Menu Food Ordering System Table Reservation Jun 17, 2026 Nov 3, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validatio...Show more The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-40291 1Phppointofsale 1Php Point Of Sale Jun 17, 2026 Oct 31, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack the...Show more The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. Show less
CVE-2022-3419 1Addify 1Automatic User Roles Switcher Jun 17, 2026 Oct 31, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator
CVE-2022-40488 1Processwire 1Processwire Jun 17, 2026 Oct 31, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVE-2022-43340 1Dzzoffice 1Dzzoffice Jun 17, 2026 Oct 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
CVE-2022-41996 1Theme Fusion 1Avada Jun 17, 2026 Oct 27, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation.
CVE-2022-2762 1Adminpad Project 1Adminpad Jun 17, 2026 Oct 25, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack
CVE-2022-42199 1Simple Exam Reviewer Management System Project 1Simple Exam Reviewer Management System Jun 17, 2026 Oct 20, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.
CVE-2022-43418 1Jenkins 1Katalon Jun 17, 2026 Oct 19, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another me...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2022-43408 1Jenkins 1Pipeline\ Jun 17, 2026 Oct 19, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to...Show more Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any target URL in Jenkins.Show less

Previous 1...270271272...469 Next