Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,361)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1653 1Supsystic 1Social Share Buttons Jun 17, 2026 Jun 27, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin...Show more The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.Show less
CVE-2022-1627 1Zatzlabs 1My Private Site Jun 17, 2026 Jun 27, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1625 1Wpexperts 1New User Approve Jun 17, 2026 Jun 27, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided r...Show more The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites.Show less
CVE-2022-1574 1Html2wp Project 1Html2wp Jun 17, 2026 Jun 27, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on...Show more The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote serverShow less
CVE-2022-1573 1Html2wp Project 1Html2wp Jun 17, 2026 Jun 27, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them
CVE-2022-1572 1Html2wp Project 1Html2wp Jun 17, 2026 Jun 27, 2022 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file
CVE-2022-0875 1Miniorange 1Google Authenticator Jun 17, 2026 Jun 27, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform...Show more The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacksShow less
CVE-2022-0444 1Watchful 1Xcloner Jun 17, 2026 Jun 27, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset t...Show more The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.Show less
CVE-2022-33121 11234n 1Minicms Jun 17, 2026 Jun 24, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
CVE-2017-20093 1W3eden 1Download Manager Mar 21, 2025 Jun 24, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attac...Show more A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.Show less
CVE-2022-34211 1Jenkins 1Vrealize Orchestrator Jun 17, 2026 Jun 23, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.
CVE-2022-34209 1Jenkins 1Threadfix Jun 17, 2026 Jun 23, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-34207 1Jenkins 1Beaker Builder Jun 17, 2026 Jun 23, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-34205 1Jenkins 1Jianliao Notification Jun 17, 2026 Jun 23, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.
CVE-2022-34203 1Jenkins 1Easyqa Jun 17, 2026 Jun 23, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server.
CVE-2022-34200 1Jenkins 1Convertigo Mobile Platform Jun 17, 2026 Jun 23, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2017-20091 1Wpjos 1Library File Manager Nov 21, 2024 Jun 23, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack rem...Show more A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.Show less
CVE-2017-20090 1Global Content Blocks Project 1Global Content Blocks Nov 21, 2024 Jun 23, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initi...Show more A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.Show less
CVE-2017-20088 1Bytesforall 1Atahualpa Nov 21, 2024 Jun 23, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
CVE-2017-20065 1Supsystic 1Popup Nov 21, 2024 Jun 20, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remot...Show more A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less

Previous 1...282283284...469 Next