CWE-352
9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,349)
| Vendors | Products | Updated | Published | CVSS | CVE description |
|---|---|---|---|---|---|
| Codeermeneer | Companion Auto Update | Nov 21, 2024 | Aug 16, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. |
| Churchadminplugin | Church Admin | Nov 21, 2024 | Aug 16, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. |
| Neliosoftware | Nelio Ab Testing | Nov 21, 2024 | Aug 16, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. |
| Jayj Quicktag Project | Jayj Quicktag | Nov 21, 2024 | Aug 16, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. |
| Invite Anyone Project | Invite Anyone | Nov 21, 2024 | Aug 16, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. |
| Erident Custom Login And Dashboard Project | Erident Custom Login And Dashboard | Nov 21, 2024 | Aug 16, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF. |
| | | | | | In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. |
| | | | | | In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. |
| | | | | | An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over... |
| | | | | | An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in... |
| Wp Svg Icons Project | Wp Svg Icons | Jun 17, 2026 | Aug 14, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP a... |
| | | | | | It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request fr... |
| Smackcoders | Ultimate Exporter | Nov 21, 2024 | Aug 14, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. |
| Smackcoders | Import All Pages, Post Types, Products, Orders, And Users As Xml & Csv | Nov 21, 2024 | Aug 14, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. |
| | | | | | The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. |
| Supsystic | Newsletter By Supsystic | Nov 21, 2024 | Aug 14, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF. |
| | | | | | The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. |
| | | | | | The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions. |
| | | | | | The wp-editor plugin before 1.2.6 for WordPress has CSRF. |
| Simple Membership Plugin | Simple Membership | Nov 21, 2024 | Aug 14, 2019 | v4: N/A · v3: 8.8 HIGH · v2: 6.8 MEDIUM | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. |