Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,308)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-43192 1Ibm 2Diamondback Tape Library Firmware Storage Ts4500 Library Firmware Dec 11, 2025 Sep 27, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2025-59845 - - Sep 29, 2025 Sep 26, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery...Show more Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.Show less
CVE-2025-11029 1Vvveb 1Vvveb Apr 29, 2026 Sep 26, 2025 2.1 LOW· v4 8.8 HIGH· v3 5.0 MEDIUM· v2 A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has b...Show more A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release."Show less
CVE-2025-60173 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce gst-for-woocommerce allows Stored XSS.This issue affects GST for WooCommerce: from n/a through <= 2.0.
CVE-2025-60172 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital flytedesk-digital allows Stored XSS.This issue affects Flytedesk Digital: from n/a through <= 20181101.
CVE-2025-60171 - - Apr 28, 2026 Sep 26, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects Conditional Cart Mes...Show more Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through <= 1.2.10.Show less
CVE-2025-60170 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker htaccess-ip-blocker allows Stored XSS.This issue affects HTACCESS IP Blocker: from n/a through <= 1.0.
CVE-2025-60169 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM w3s-cf7-zoho allows Stored XSS.This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through <= 3.2.
CVE-2025-60164 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp newsmanapp allows Stored XSS.This issue affects NewsmanApp: from n/a through <= 2.7.7.
CVE-2025-60156 - - Apr 28, 2026 Sep 26, 2025 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 8.34.
CVE-2025-60145 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2.
CVE-2025-60139 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02.
CVE-2025-60137 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7.
CVE-2025-60117 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core vehica-core allows Cross Site Request Forgery.This issue affects Vehica Core: from n/a through <= 1.0.100.
CVE-2025-60115 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin instapage allows Cross Site Request Forgery.This issue affects Instapage Plugin: from n/a through <= 3.7.0.
CVE-2025-60113 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through <= 1.4.3.
CVE-2025-60111 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core javo-core allows Authentication Bypass.This issue affects Javo Core: from n/a through <= 3.0.0.266.
CVE-2025-60093 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager download-manager allows Cross Site Request Forgery.This issue affects Download Manager: from n/a through <= 3.3.24.
CVE-2025-58914 - - Apr 23, 2026 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer di-themes-demo-site-importer allows Cross Site Request Forgery.This issue affects Di Themes Demo Site Importer: from n/a through <...Show more Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer di-themes-demo-site-importer allows Cross Site Request Forgery.This issue affects Di Themes Demo Site Importer: from n/a through <= 1.2.Show less
CVE-2025-10377 - - Sep 26, 2025 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() function. This makes it...Show more The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() function. This makes it possible for unauthenticated attackers to toggle critical logging settings including Page Access Logs, Error Logs, and Email Delivery Logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less

Previous 1...474849...466 Next