CWE-352

9,359 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,359)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Mblog Project
Products (1): Mblog
Updated: Jun 17, 2026
Published: Jan 20, 2022
CVSS: v4 N/A, v3 4.3 MEDIUM, v2 4.3 MEDIUM
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.
Vendors (1): Wangl1989
Products (1): Mysiteforme
Updated: Jun 17, 2026
Published: Jan 19, 2022
CVSS: v4 N/A, v3 6.5 MEDIUM, v2 4.3 MEDIUM
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added
Vendors (1): Email Tracker Project
Products (1): Email Tracker
Updated: Jun 17, 2026
Published: Jan 19, 2022
CVSS: v4 N/A, v3 4.3 MEDIUM, v2 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6).
Vendors (1): Xootix
Products (3): Login/signup Popup, Side Cart Woocommerce, Waitlist Woocommerce
Updated: Jun 17, 2026
Published: Jan 18, 2022
CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).
Vendors (1): Gitlab
Products (1): Gitlab
Updated: Jun 17, 2026
Published: Jan 18, 2022
CVSS: v4 N/A, v3 8.0 HIGH, v2 6.0 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account.
Vendors (1): Crisp
Products (1): Crisp
Updated: Jun 17, 2026
Published: Jan 18, 2022
CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisp_plugin_settings_page function found in the ~/crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31.
Vendors (1): Livehelperchat
Products (1): Livehelperchat
Updated: Jun 17, 2026
Published: Jan 18, 2022
CVSS: v4 N/A, v3 4.3 MEDIUM, v2 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.
Vendors (1): Janeczku
Products (1): Calibre Web
Updated: Jun 17, 2026
Published: Jan 17, 2022
CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
Vendors (1): Theeventscalendar
Products (1): Eventcalendar
Updated: Jun 17, 2026
Published: Jan 17, 2022
CVSS: v4 N/A, v3 4.3 MEDIUM, v2 4.0 MEDIUM
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events
Vendors (1): Expresstech
Products (1): Quiz And Survey Master
Updated: Jun 17, 2026
Published: Jan 17, 2022
CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
Vendors (2): Fedoraproject, Phoronix Media
Products (2): Fedora, Phoronix Test Suite
Updated: Jun 17, 2026
Published: Jan 16, 2022
CVSS: v4 N/A, v3 4.3 MEDIUM, v2 4.3 MEDIUM
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
Vendors (1): Livehelperchat
Products (1): Live Helper Chat
Updated: Jun 17, 2026
Published: Jan 14, 2022
CVSS: v4 N/A, v3 4.3 MEDIUM, v2 4.3 MEDIUM
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Vendors (1): Livehelperchat
Products (1): Live Helper Chat
Updated: Jun 17, 2026
Published: Jan 14, 2022
CVSS: v4 N/A, v3 6.5 MEDIUM, v2 4.3 MEDIUM
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Vendors (1): Php Everywhere Project
Products (1): Php Everywhere
Updated: Jun 17, 2026
Published: Jan 13, 2022
CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions.
Vendors (2): Fedoraproject, Phoronix Media
Products (2): Fedora, Phoronix Test Suite
Updated: Jun 17, 2026
Published: Jan 13, 2022
CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
Vendors (2): Fedoraproject, Phoronix Media
Products (2): Fedora, Phoronix Test Suite
Updated: Jun 17, 2026
Published: Jan 13, 2022
CVSS: v4 N/A, v3 8.8 HIGH, v2 6.8 MEDIUM
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
Vendors (1): Jenkins
Products (1): Batch Task
Updated: Jun 17, 2026
Published: Jan 12, 2022
CVSS: v4 N/A, v3 5.4 MEDIUM, v2 5.8 MEDIUM
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.
Vendors (1): Jenkins
Products (1): Publish Over Ssh
Updated: Jun 17, 2026
Published: Jan 12, 2022
CVSS: v4 N/A, v3 4.3 MEDIUM, v2 4.3 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
Vendors (1): Jenkins
Products (1): Bitbucket Branch Source
Updated: Jun 17, 2026
Published: Jan 12, 2022
CVSS: v4 N/A, v3 7.1 HIGH, v2 5.8 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Vendors (2): Jenkins, Oracle
Products (2): Communications Cloud Native Core Automated Test Suite, Mailer
Updated: Jun 17, 2026
Published: Jan 12, 2022
CVSS: v4 N/A, v3 4.3 MEDIUM, v2 4.3 MEDIUM
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.