Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,308)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-10752 - - Sep 26, 2025 Sep 26, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 enc...Show more The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow. This makes it possible for unauthenticated attackers to forge OAuth authorization requests and potentially hijack the OAuth flow via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-56311 - - Oct 28, 2025 Sep 23, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a...Show more In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes the router to reboot without explicit user consent. This lack of CSRF protection on a sensitive administrative function can lead to denial of service by disrupting network availability.Show less
CVE-2025-59572 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This issue affects WorkScout-Core: from n/a through < 1.7.06.
CVE-2025-59568 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow zoho-flow allows Cross Site Request Forgery.This issue affects Zoho Flow: from n/a through <= 2.14.1.
CVE-2025-58956 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS.This issue affects WP Attractive Donations System: fr...Show more Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS.This issue affects WP Attractive Donations System: from n/a through < 1.29.Show less
CVE-2025-58690 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect doliconnect allows Stored XSS.This issue affects Doliconnect: from n/a through <= 9.5.7.
CVE-2025-58688 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through <= 2.1.4.
CVE-2025-58687 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through <= 1.6.
CVE-2025-58677 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews shrinktheweb-website-preview-plugin allows Stored XSS.This issue affects ShrinkTheWeb (STW) Website Previews: from n/a t...Show more Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews shrinktheweb-website-preview-plugin allows Stored XSS.This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through <= 2.8.5.Show less
CVE-2025-58676 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER horizontal-slider allows Stored XSS.This issue affects HORIZONTAL SLIDER: from n/a through <= 2.4.
CVE-2025-58675 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site interact-quiz-embed allows Cross Site Request Forgery.This issue affects Interact: Embed A Quiz On Your Site: from n/a th...Show more Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site interact-quiz-embed allows Cross Site Request Forgery.This issue affects Interact: Embed A Quiz On Your Site: from n/a through <= 3.1.Show less
CVE-2025-58670 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection wp-content-protection allows Stored XSS.This issue affects WP Content Protection: from n/a through <= 1.3.
CVE-2025-58657 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid grid allows Stored XSS.This issue affects Grid: from n/a through <= 2.3.1.
CVE-2025-58270 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Cross Site Request Forgery.This issue affects NIX Anti-Spam Light: from n/a through <= 0.0.4.
CVE-2025-58268 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator wpmk-pdf-generator allows Stored XSS.This issue affects WPMK PDF Generator: from n/a through <= 1.0.1.
CVE-2025-58267 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message stock-message allows Stored XSS.This issue affects Stock Message: from n/a through <= 1.1.0.
CVE-2025-58262 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WPDirectoryKit Sweet Energy Efficiency sweet-energy-efficiency allows Stored XSS.This issue affects Sweet Energy Efficiency: from n/a through <= 1.0.8.
CVE-2025-58261 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect allows Stored XSS.This issue affects Mavis HTTPS to HTTP Redirection: from n/a t...Show more Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect allows Stored XSS.This issue affects Mavis HTTPS to HTTP Redirection: from n/a through <= 1.4.3.Show less
CVE-2025-58259 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery.This issue affects Nokri: from n/a through <= 1.6.4.
CVE-2025-58255 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through <= 0.5.

Previous 1...484950...466 Next