Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,360)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-29441 1Private Messages Project 1Private Messages Jun 17, 2026 Jun 15, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages.
CVE-2022-29439 1Nextcode 1Image Slider By Nextcode Jun 17, 2026 Jun 15, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides.
CVE-2022-29437 1Nextcode 1Image Slider By Nextcode Jun 17, 2026 Jun 15, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress.
CVE-2022-30930 1Phpgurukul 1Tourism Management System Jun 17, 2026 Jun 14, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
CVE-2022-30931 1Employee Leaves Management System Project 1Employee Leaves Management System Jun 17, 2026 Jun 14, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php.
CVE-2022-1969 1Script 1Mobile Browser Color Select Jun 17, 2026 Jun 13, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() fu...Show more The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-1749 1Wpmk Ajax Finder Project 1Wpmk Ajax Finder Jun 17, 2026 Jun 13, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce chec...Show more The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.Show less
CVE-2022-1918 1Toolbar To Share Project 1Toolbar To Share Jun 17, 2026 Jun 13, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it poss...Show more The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-1900 1Copify 1Copify Jun 17, 2026 Jun 13, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthen...Show more The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-1793 1Private Files Project 1Private Files Jun 17, 2026 Jun 13, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public
CVE-2022-1792 1Quick Subscribe Project 1Quick Subscribe Jun 17, 2026 Jun 13, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored X...Show more The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of themShow less
CVE-2022-1791 1One Click Plugin Updater Project 1One Click Plugin Updater Jun 17, 2026 Jun 13, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable /...Show more The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.Show less
CVE-2022-1790 1New User Email Set Up Project 1New User Email Set Up Jun 17, 2026 Jun 13, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1788 1Change Uploaded File Permissions Project 1Change Uploaded File Permissions Jun 17, 2026 Jun 13, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic...Show more Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this.Show less
CVE-2022-1787 1Sideblog Project 1Sideblog Jun 17, 2026 Jun 13, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Sc...Show more The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escapingShow less
CVE-2022-1781 1Posttabs Project 1Posttabs Jun 17, 2026 Jun 13, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cr...Show more The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escapingShow less
CVE-2022-1780 1Latex Project 1Latex Jun 17, 2026 Jun 13, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Sto...Show more The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escapingShow less
CVE-2022-1779 1Auto Delete Posts Project 1Auto Delete Posts Jun 17, 2026 Jun 13, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific p...Show more The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once.Show less
CVE-2022-1765 1Hot Linked Image Cacher Project 1Hot Linked Image Cacher Jun 17, 2026 Jun 13, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations...Show more The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules).Show less
CVE-2022-1764 1Wp Chgfontsize Project 1Wp Chgfontsize Jun 17, 2026 Jun 13, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-S...Show more The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escapingShow less

Previous 1...284285286...468 Next