Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,361)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-36546 1Hashenudara 1Edoc Doctor Appointment System Jun 17, 2026 Aug 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.
CVE-2022-31773 1Ibm 1Datapower Gateway Jun 17, 2026 Aug 26, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. I...Show more IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.Show less
CVE-2021-39394 1Mm Wiki Project 1Mm Wiki Jun 17, 2026 Aug 26, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.
CVE-2022-36358 1Seoscout 1Seo Scout Jun 17, 2026 Aug 25, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings.
CVE-2018-14519 1Getkirby 1Kirby Nov 21, 2024 Aug 24, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.
CVE-2022-36389 1Wordplus 1Better Messages Jun 17, 2026 Aug 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.
CVE-2022-36379 1Yookassa 1Yukassa For Woocommerce Jun 17, 2026 Aug 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress.
CVE-2022-36292 1Wpchill 1Gallery Photoblocks Jun 17, 2026 Aug 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
CVE-2022-36288 1W3eden 1Download Manager Jun 17, 2026 Aug 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
CVE-2022-29468 1Wwbn 1Avideo Jun 17, 2026 Aug 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to...Show more A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.Show less
CVE-2022-36346 1Maxfoundry 1Maxbuttons Jun 17, 2026 Aug 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress.
CVE-2022-35656 1Pega 1Pega Platform Jun 17, 2026 Aug 22, 2022 N/A· v4 4.5 MEDIUM· v3 N/A· v2 Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.
CVE-2022-34347 1W3eden 1Download Manager Jun 17, 2026 Aug 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
CVE-2022-2555 1Yotpo Reviews For Woocommerce Project 1Yotpo Reviews For Woocommerce Jun 17, 2026 Aug 22, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack.
CVE-2022-2389 1Funnelkit 1Funnelkit Automations Jun 17, 2026 Aug 22, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, al...Show more The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automationsShow less
CVE-2022-2388 1Wow Company 1Wp Coder Jun 17, 2026 Aug 22, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack
CVE-2022-2382 1Shapedplugin 1Product Slider For Woocommerce Jun 17, 2026 Aug 22, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in partic...Show more The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options.Show less
CVE-2022-2377 1Wpwax 1Directorist Jun 17, 2026 Aug 22, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog
CVE-2022-2375 1Okapitech 1Wp Sticky Button Jun 17, 2026 Aug 22, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of...Show more The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issuesShow less
CVE-2022-2312 1Student Result Or Employee Database Project 1Student Result Or Employee Database Jun 17, 2026 Aug 22, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students vi...Show more The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scriptingShow less

Previous 1...276277278...469 Next