CWE-352
9,361 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,361)
| Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|
| Jenkins | Failed Job Deactivator | Jun 17, 2026 | Jun 30, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. |
| Jenkins | Request Rename Or Delete | Jun 17, 2026 | Jun 30, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. |
| Jenkins | Xpath Configuration Viewer | Jun 17, 2026 | Jun 30, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. |
| Jenkins | Deployment Dashboard | Jun 17, 2026 | Jun 30, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. |
| | | | | | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. |
| | | | | | A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. |
| Jenkins | Xebialabs Xl Release | Jun 17, 2026 | Jun 30, 2022 | N/A (v4) · 6.5 MEDIUM (v3) · 4.3 MEDIUM (v2) | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtain... |
| | | | | | A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can... |
| | | | | | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. |
| | | | | | Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. |
| | | | | | The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
| Clean Contact Project | Clean Contact | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due... |
| Add Post Url Project | Add Post Url | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-S... |
| Cimy Header Image Rotator Project | Cimy Header Image Rotator | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
| Rotating Posts Project | Rotating Posts | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
| Tiny Contact Form Project | Tiny Contact Form | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
| Wp Post Styling Project | Wp Post Styling | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more vi... |
| Wp Sentry Project | Wp Sentry | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site S... |
| Mailpress Project | Mailpress | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 6.5 MEDIUM (v3) · 4.3 MEDIUM (v2) | The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks |
| Openbook Book Data Project | Openbook Book Data | Jun 17, 2026 | Jun 27, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.3 MEDIUM (v2) | The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored C... |