CWE-352
9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,349)
| CVE | Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|---|
| | Mijnpress | Simple Add Pages Or Posts | Nov 21, 2024 | Aug 14, 2019 | N/A | 6.5 MEDIUM | 5.8 MEDIUM | The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users. |
| | Google Doc Embedder Project | Google Doc Embedder | Nov 21, 2024 | Aug 14, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | The google-document-embedder plugin before 2.6.2 for WordPress has CSRF. |
| | | | | | | | | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. |
| | | | | | | | | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. |
| | | | | | | | | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. |
| | Simple Fields Project | Simple Fields | Nov 21, 2024 | Aug 14, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. |
| | Tibco | Loglogic Enterprise Virtual Appliance, Loglogic Log Management Intelligence, Loglogic Lx1025 Firmware, +19 more | Jun 17, 2026 | Aug 13, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and refl... |
| | Codepeople | Contact Form Email | Nov 21, 2024 | Aug 13, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. |
| | Wpdeveloper | Twitter Cards Meta | Nov 21, 2024 | Aug 12, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. |
| | | | | | | | | The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. |
| | | | | | | | | The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. |
| | | | | | | | | Bagisto 0.1.5 allows CSRF under /admin URIs. |
| | 23systems | Lightbox Plus Colorbox | Nov 21, 2024 | Aug 9, 2019 | N/A | 6.1 MEDIUM | 4.3 MEDIUM | The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS. |
| | Elementalpath | Cognitoys Dino Firmware | Nov 21, 2024 | Aug 8, 2019 | N/A | 5.4 MEDIUM | 5.8 MEDIUM | Cognitoys Dino devices allow profiles_add.html CSRF. |
| | Edimax | 7237rpd Firmware, Ew 7438rpn Mini Firmware | Nov 21, 2024 | Aug 8, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure. |
| | Neetcables | Airstream Nas Firmware | Nov 21, 2024 | Aug 8, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. |
| | | | | | | | | 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). |
| | Codection | Import Users From Csv With Meta | Jun 17, 2026 | Aug 8, 2019 | N/A | 5.7 MEDIUM | 4.9 MEDIUM | The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. |
| | Acf\ | Better Search Project | Jun 17, 2026 | Aug 8, 2019 | N/A | 4.3 MEDIUM | 4.3 MEDIUM | The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF. |
| | Deny All Firewall Project | Deny All Firewall | Jun 17, 2026 | Aug 8, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. |