Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-12624 1Cisco 1Ios Xe Jun 17, 2026 Aug 21, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and pe...Show more A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.Show less
CVE-2017-18521 1Wp Kama 1Democracy Poll Nov 21, 2024 Aug 21, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
CVE-2016-10903 1Godaddy 1Godaddy Email Marketing Nov 21, 2024 Aug 21, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
CVE-2016-10902 1Gowebsolutions 1Wp Customer Reviews Nov 21, 2024 Aug 21, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
CVE-2019-4167 1Ibm 1Storediq Jun 17, 2026 Aug 20, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158700.
CVE-2019-4117 1Ibm 1Cloud Private Jun 17, 2026 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 1...Show more IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.Show less
CVE-2017-18523 1Eelv Newsletter Project 1Eelv Newsletter Nov 21, 2024 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
CVE-2019-15238 1Cformsii Project 1Cformsii Jun 17, 2026 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
CVE-2017-18569 1Mythemeshop 1My Wp Translate Nov 21, 2024 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
CVE-2016-10915 1Supsystic 1Popup Nov 21, 2024 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
CVE-2016-10914 1Add From Server Project 1Add From Server Nov 21, 2024 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
CVE-2015-9332 1Wordpress Uninstall Project 1Wordpress Uninstall Nov 21, 2024 Aug 20, 2019 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.
CVE-2014-10381 1User Domain Whitelist Project 1User Domain Whitelist Nov 21, 2024 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.
CVE-2011-5328 1User Access Manager Project 1User Access Manager Nov 21, 2024 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The user-access-manager plugin before 1.2 for WordPress has CSRF.
CVE-2019-15229 1Thedaylightstudio 1Fuel Cms Jun 17, 2026 Aug 20, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.
CVE-2019-15150 1Schine.games 1Mw Oauth2client Jun 17, 2026 Aug 19, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
CVE-2019-15115 1Profilepress 1Loginwp Jun 17, 2026 Aug 16, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
CVE-2019-15114 1Ncrafts 1Formcraft Jun 17, 2026 Aug 16, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
CVE-2019-15113 1Codeermeneer 1Companion Sitemap Generator Jun 17, 2026 Aug 16, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.
CVE-2018-20974 1Joomsky 1Js Job Manager Nov 21, 2024 Aug 16, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The js-jobs plugin before 1.0.7 for WordPress has CSRF.

Previous 1...352353354...468 Next