CWE-352
9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,349)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|---|
|  | Manageyourteam | Myt Project Management | Jun 17, 2026 | Aug 28, 2019 | N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2) | MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML... |
|  | Jenkins, Oracle, Redhat | Communications Cloud Native Core Automated Test Suite, Jenkins, Openshift Container Platform | Jun 17, 2026 | Aug 28, 2019 | N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2) | Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for th... |
|  |  |  |  |  |  | Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportun... |
|  |  |  |  |  |  | The wp-members plugin before 3.2.8 for WordPress has CSRF. |
|  | Elearningfreak | Insert Or Embed Articulate Content | Jun 17, 2026 | Aug 27, 2019 | N/A (v4), 6.5 MEDIUM (v3), 5.5 MEDIUM (v2) | The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. |
|  |  |  |  |  |  | The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. |
|  | Bbpress Move Topics Project | Bbpress Move Topics | Nov 21, 2024 | Aug 27, 2019 | N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2) | The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. |
|  |  |  |  |  |  | The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. |
|  |  |  |  |  |  | The wp-rollback plugin before 1.2.3 for WordPress has CSRF. |
|  |  |  |  |  |  | Discourse 2.3.2 sends the CSRF token in the query string. |
|  |  |  |  |  |  | The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability. |
|  | Atlassian | Universal Plugin Manager | Jun 17, 2026 | Aug 23, 2019 | N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2) | The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins u... |
|  |  |  |  |  |  | The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collectio... |
|  |  |  |  |  |  | Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via... |
|  |  |  |  |  |  | The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site reque... |
|  |  |  |  |  |  | openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. |
|  | Codection | Import Users From Csv With Meta | Jun 17, 2026 | Aug 22, 2019 | N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2) | The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF. |
|  | Pippinsplugins | Featured Comments | Nov 21, 2024 | Aug 22, 2019 | N/A (v4), 4.3 MEDIUM (v3), 4.3 MEDIUM (v2) | The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. |
|  |  |  |  |  |  | The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. |
|  |  |  |  |  |  | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account. |