CWE-352

9,360 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.


CVEs (9,360)

Vendors: Wp Buy
Products: Wp Content Copy Protection & No Right Click
Updated: Jun 17, 2026
Published: Feb 21, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).

Vendors: Wow Estore
Products: Float Menu
Updated: Jun 17, 2026
Published: Feb 21, 2022
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack.

Vendors: Wpdevart
Products: Coming Soon And Maintenance Mode
Updated: Jun 17, 2026
Published: Feb 21, 2022
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack.

Vendors: Wpdevart
Products: Coming Soon And Maintenance Mode
Updated: Jun 17, 2026
Published: Feb 21, 2022
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)
Description: The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users.

Vendors: Bologer
Products: Anycomment
Updated: Jun 17, 2026
Published: Feb 21, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack.

Vendors: Plesk
Products: Plesk
Updated: Jun 17, 2026
Published: Feb 20, 2022
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.

Vendors: Microweber
Products: Microweber
Updated: Jun 17, 2026
Published: Feb 17, 2022
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.

Vendors: Filecloud
Products: Filecloud
Updated: Jun 17, 2026
Published: Feb 16, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 5.1 MEDIUM (v2)
Description: In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).

Vendors: Filecloud
Products: Filecloud
Updated: Jun 17, 2026
Published: Feb 16, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 5.1 MEDIUM (v2)
Description: In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).

Vendors: Scratch Wiki
Products: Scratch Confirmaccount V3
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses.

Vendors: Jenkins
Products: Swamp
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.

Vendors: Jenkins
Products: Chef Sinatra
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.

Vendors: Jenkins
Products: Dbcharts
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.

Vendors: Jenkins
Products: Checkmarx
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Vendors: Jenkins
Products: Scp Publisher
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

Vendors: Jenkins
Products: Autonomiq
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials.

Vendors: Jenkins
Products: Snow Commander
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Vendors: Yzmcms
Products: Yzmcms
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Description: YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add

Vendors: Atlassian
Products: Jira Data Center, Jira Server
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

Vendors: Atlassian
Products: Data Center, Jira
Updated: Jun 17, 2026
Published: Feb 15, 2022
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/ViewInstrumentation.jspa endpoint. The affected versions are before version 8.13.16, and from version 8.14.0 before 8.20.5.