Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-10989 1Leenk 1Leenk.me Nov 21, 2024 Sep 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.
CVE-2016-10982 1Kentothemes 1Kento Post View Counter Nov 21, 2024 Sep 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.
CVE-2016-10978 1Fossura 1Tag Miner Nov 21, 2024 Sep 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.
CVE-2016-10974 1Tonjoostudio 1Fluid Responsive Slideshow Nov 21, 2024 Sep 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.
CVE-2016-10962 1Icegram 1Icegram Engage Nov 21, 2024 Sep 16, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
CVE-2019-16311 1Niushop 1Niushop Jun 17, 2026 Sep 14, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 NIUSHOP V1.11 has CSRF via search_info to index.php.
CVE-2019-13920 1Siemens 1Sinema Remote Connect Server Jun 17, 2026 Sep 13, 2019 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerabi...Show more A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known.Show less
CVE-2019-13364 1Piwigo 1Piwigo Jun 17, 2026 Sep 13, 2019 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
CVE-2019-13363 1Piwigo 1Piwigo Jun 17, 2026 Sep 13, 2019 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm&#95...Show more admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF.Show less
CVE-2019-12922 2Fedoraproject Phpmyadmin 2Fedora Phpmyadmin Jun 17, 2026 Sep 13, 2019 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
CVE-2016-10946 1Wp D3 Project 1Wp D3 Nov 21, 2024 Sep 13, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
CVE-2016-10945 1Pagelines 1Pagelines Nov 21, 2024 Sep 13, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.
CVE-2016-10944 1Wpmaz 1Multisite Post Duplicator Nov 21, 2024 Sep 13, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.
CVE-2016-10938 1Copy Me Project 1Copy Me Nov 21, 2024 Sep 13, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location.
CVE-2019-5993 1Tipsandtricks Hq 1Category Specific Rss Feed Subscription Jun 17, 2026 Sep 12, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-5992 1Ultra Prod 1Wordpress Ultra Simple Paypal Shopping Cart Jun 17, 2026 Sep 12, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2019-5986 2Ntt East Ntt West 46Pr 400ki Firmware Pr 400ki FirmwarePr 400mi Firmware+43 more Jun 17, 2026 Sep 12, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware ver...Show more Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to hijack the authentication of administrators via unspecified vectors.Show less
CVE-2019-1261 1Microsoft 3Sharepoint Enterprise Server Sharepoint FoundationSharepoint Server Jun 17, 2026 Sep 11, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need...Show more A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.Show less
CVE-2019-1259 1Microsoft 1Sharepoint Foundation Jun 17, 2026 Sep 11, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need...Show more A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.Show less
CVE-2019-14998 1Atlassian 1Jira Server Jun 17, 2026 Sep 11, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira i...Show more The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.Show less

Previous 1...349350351...468 Next