Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,362)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-3024 1Simple Bitcoin Faucets Project 1Simple Bitcoin Faucets Jun 17, 2026 Sep 26, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermor...Show more The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issuesShow less
CVE-2022-2987 1Ldap Wp Login / Active Directory Integration Project 1Ldap Wp Login / Active Directory Integration Jun 17, 2026 Sep 26, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated a...Show more The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authenticationShow less
CVE-2022-2405 1Themehunk 1Wp Popup Builder Jun 17, 2026 Sep 26, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
CVE-2021-24890 1Dplugins 1Scripts Organizer Jun 17, 2026 Sep 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any...Show more The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a fileShow less
CVE-2022-40132 1Castos 1Seriously Simple Podcasting Jun 17, 2026 Sep 23, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.
CVE-2022-38704 1Clogica 1Seo Redirection Jun 17, 2026 Sep 23, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
CVE-2022-38454 1Kraken 1Kraken.io Image Optimizer Jun 17, 2026 Sep 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.
CVE-2022-38079 1Backup Scheduler Project 1Backup Scheduler Jun 17, 2026 Sep 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.
CVE-2022-38470 1Cusrev 1Customer Reviews For Woocommerce Jun 17, 2026 Sep 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
CVE-2022-36417 13d Tag Cloud Project 13d Tag Cloud Jun 17, 2026 Sep 23, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.
CVE-2022-40671 1Blazzdev 1Rate My Post Wp Rating System Jun 17, 2026 Sep 23, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.
CVE-2022-38085 1Read More By Adam Project 1Read More By Adam Jun 17, 2026 Sep 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.
CVE-2022-36388 1Ydesignservices 1Yds Support Ticket System Jun 17, 2026 Sep 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress.
CVE-2022-38095 1Algolplus 1Advanced Dynamic Pricing For Woocommerce Jun 17, 2026 Sep 23, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.
CVE-2022-36798 1Topdigitaltrends 1Mega Addons For Wpbakery Page Builder Jun 17, 2026 Sep 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.
CVE-2022-3274 1Ikus Soft 1Rdiffweb Jun 17, 2026 Sep 22, 2022 N/A· v4 3.5 LOW· v3 N/A· v2 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.
CVE-2022-3267 1Ikus Soft 1Rdiffweb Jun 17, 2026 Sep 22, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.
CVE-2022-3233 1Ikus Soft 1Rdiffweb Jun 17, 2026 Sep 21, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.
CVE-2022-40219 1Sedlex 1Favicon Switcher Jun 17, 2026 Sep 21, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.
CVE-2022-41253 1Jenkins 1Cons3rt Jun 17, 2026 Sep 21, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through ano...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less

Previous 1...273274275...469 Next