Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,361)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2146 1Import Csv Files Project 1Import Csv Files Jun 17, 2026 Jul 17, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected...Show more The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site ScriptingShow less
CVE-2022-2144 1Jquery Validation For Contact Form 7 Project 1Jquery Validation For Contact Form 7 Jun 17, 2026 Jul 17, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_ro...Show more The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attackShow less
CVE-2022-1672 1Insights From Google Pagespeed Project 1Insights From Google Pagespeed Jun 17, 2026 Jul 17, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such acti...Show more The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacksShow less
CVE-2022-35228 1Sap 1Businessobjects Business Intelligence Platform Jun 17, 2026 Jul 12, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and...Show more SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.Show less
CVE-2022-2123 1Wp Opt In Project 1Wp Opt In Jun 17, 2026 Jul 11, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.
CVE-2022-2091 1Cache Images Project 1Cache Images Jun 17, 2026 Jul 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.
CVE-2022-1957 1Comment License Project 1Comment License Jun 17, 2026 Jul 11, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1956 1Shortcut Macros Project 1Shortcut Macros Jun 17, 2026 Jul 11, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.
CVE-2022-1757 1Pagebar Project 1Pagebar Jun 17, 2026 Jul 11, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of...Show more The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issuesShow less
CVE-2022-1732 1Rename Wp Login Project 1Rename Wp Login Jun 17, 2026 Jul 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1626 1Sharebar Project 1Sharebar Jun 17, 2026 Jul 11, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-...Show more The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of themShow less
CVE-2022-1599 1Admin Management Xtended Project 1Admin Management Xtended Jun 17, 2026 Jul 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to chang...Show more The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.Show less
CVE-2022-1576 1Themeisle 1Wp Maintenance Mode & Coming Soon Jun 17, 2026 Jul 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2022-2353 1Microweber 1Microweber Jun 17, 2026 Jul 9, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
CVE-2015-1785 1Imagely 1Nextgen Gallery Nov 21, 2024 Jul 7, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user upl...Show more In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.Show less
CVE-2021-31679 1Pescms 1Pescms Team Jun 17, 2026 Jul 6, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.
CVE-2021-31678 1Pescms 1Pescms Team Jun 17, 2026 Jul 6, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.
CVE-2021-31677 1Pescms 1Pescms Team Jun 17, 2026 Jul 6, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.
CVE-2021-23163 1Jfrog 1Artifactory Jun 17, 2026 Jul 6, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 vers...Show more JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.Show less
CVE-2022-1967 1Wp Championship Project 1Wp Championship Jun 17, 2026 Jul 4, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update...Show more The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issuesShow less

Previous 1...280281282...469 Next