CWE-352

9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Theme Fusion
Avada
Nov 21, 2024
Sep 10, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The avada theme before 5.1.5 for WordPress has CSRF.
Teammatesolutions
Teammate+
Jun 17, 2026
Sep 9, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data (upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files). The specific flaw exists within the handling of Upload/DomainObjectDocumentUpload.ashx requests because of failure to validate a CSRF token before handling a POST request.
Silver Peak
Unity Edgeconnect Sd Wan Firmware
Jun 17, 2026
Sep 8, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.
If.svnadmin Project
If.svnadmin
Jun 17, 2026
Sep 6, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user.
Sapplica
Sentrifugo
Jun 17, 2026
Sep 6, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.
Wpaffiliatemanager
Affiliates Manager
Jun 17, 2026
Sep 3, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The affiliates-manager plugin before 2.6.6 for WordPress has CSRF.
Holest
Breadcrumbs By Menu
Jun 17, 2026
Sep 3, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF.
Facebook
Facebook For Woocommerce
Jun 17, 2026
Aug 30, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.
Facebook
Facebook For Woocommerce
Jun 17, 2026
Aug 30, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.
Wp Better Permalinks Project
Wp Better Permalinks
Jun 17, 2026
Aug 30, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.
Webp Converter For Media Project
Webp Converter For Media
Jun 17, 2026
Aug 30, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.
Wp Buy
Visitor Traffic Real Time Statistics
Jun 17, 2026
Aug 30, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
Wp Buy
Visitor Traffic Real Time Statistics
Jun 17, 2026
Aug 30, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.
Tribulant
One Click Ssl
Jun 17, 2026
Aug 30, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.
10web
Photo Gallery
Nov 21, 2024
Aug 30, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
Weblizar
Social Likebox & Feed
Jun 17, 2026
Aug 29, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
Quadlayers
Wp Social Feed Gallery
Jun 17, 2026
Aug 29, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.
Hallme
Woocommerce Address Book
Jun 17, 2026
Aug 29, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks.
Haktansuren
Handl Utm Grabber
Jun 17, 2026
Aug 29, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.
Lexmark
Cs31x Firmware, Cs41x Firmware, Cx310 Firmware, +22 more
Jun 17, 2026
Aug 28, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Various Lexmark products have CSRF.