CWE-352
9,361 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,361)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack | 1 Underconstruction Project | 1 Underconstruction | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.3 MEDIUM |
| The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied... | 1 Capa Protect Project | 1 Capa Protect | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | | | | | |
| The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Sto... | 1 Amazon Einzeltitellinks Project | 1 Amazon Einzeltitellinks | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 3.5 LOW |
| The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored C... | 1 Inline Google Maps Project | 1 Inline Google Maps | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 1 Pdf24 Articles To Pdf Project | 1 Pdf24 Articles To Pdf | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 1 Pdf24 Articles To Pdf Project | 1 Pdf24 Articles To Pdf | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack | 1 Cross Linker Project | 1 Cross Linker | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cro... | 1 Multi Page Toolkit Project | 1 Multi Page Toolkit | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 5.4 MEDIUM; v2: 3.5 LOW |
| The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack | | | | | |
| The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 1 Seamless Donations Project | 1 Seamless Donations | Jun 17, 2026 | Jun 20, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users... | | | | | |
| A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Th... | | | | | |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and pas... | 1 Trendnet | 1 Tew 831dr Firmware | Jun 17, 2026 | Jun 16, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. | 1 Trendnet | 1 Tew 831dr Firmware | Jun 17, 2026 | Jun 16, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | | | | | |
| An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | 1 Razormist | 1 Online Discussion Forum Site | Jun 17, 2026 | Jun 16, 2022 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery.... | 1 Xyzscripts | 1 Contact Form Manager | Nov 21, 2024 | Jun 16, 2022 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | | | | | |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | 1 Admin Management Xtended Project | 1 Admin Management Xtended | Jun 17, 2026 | Jun 15, 2022 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |