← Back
CWE-352

9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,349)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-9413
1Eshop Project
1Eshop
Nov 21, 2024
Sep 26, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The eshop plugin through 6.3.13 for WordPress has CSRF with resultant XSS via the wp-admin/admin.php?page=eshop-downloads.php title parameter.
CVE-2015-9409
1Alo Easymail Project
1Alo Easymail
Nov 21, 2024
Sep 25, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.
CVE-2019-10408
1Jenkins
1Project Inheritance
Jun 17, 2026
Sep 25, 2019
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
CVE-2019-4515
1Ibm
1Security Key Lifecycle Manager
Jun 17, 2026
Sep 24, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IB...Show more
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 165137.Show less
CVE-2019-16721
15none
1Nonecms
Jun 17, 2026
Sep 23, 2019
N/A· v4
6.5 MEDIUM· v3
5.8 MEDIUM· v2
NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user.
CVE-2019-16719
1Wtcms Project
1Wtcms
Jun 17, 2026
Sep 23, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.
CVE-2019-16706
1Kkcms Project
1Kkcms
Jun 17, 2026
Sep 23, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php.
CVE-2019-16678
1Yzmcms
1Yzmcms
Jun 17, 2026
Sep 21, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16677
1Idreamsoft
1Icms
Jun 17, 2026
Sep 21, 2019
N/A· v4
6.5 MEDIUM· v3
5.8 MEDIUM· v2
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-16660
1Joyplus Project
1Joyplus
Jun 17, 2026
Sep 21, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
CVE-2019-16659
1Tuzicms
1Tuzicms
Jun 17, 2026
Sep 21, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.
CVE-2019-16658
1Tuzicms
1Tuzicms
Jun 17, 2026
Sep 21, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.
CVE-2018-17789
1Prospecta
1Master Data Online
Nov 21, 2024
Sep 20, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Prospecta Master Data Online (MDO) allows CSRF.
CVE-2015-9408
1Cyberseo
1Xpinner Lite
Nov 21, 2024
Sep 20, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.
CVE-2015-9394
1Usersultra
1Users Ultra Membership
Nov 21, 2024
Sep 20, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.
CVE-2016-10997
1Yourinspirationweb
1Beauty Premium
Nov 21, 2024
Sep 20, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
CVE-2015-9388
1Mtouch Quiz Project
1Mtouch Quiz
Nov 21, 2024
Sep 20, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
CVE-2015-9387
1Mtouch Quiz Project
1Mtouch Quiz
Nov 21, 2024
Sep 20, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.
CVE-2019-15089
1Prise
1Adas
Jun 17, 2026
Sep 20, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
CVE-2019-16531
1Layerbb
1Layerbb
Jun 17, 2026
Sep 20, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.