CWE-352: Cross-Site Request Forgery (CSRF)

A Cross-Site Request Forgery (CSRF) vulnerability in the Harsh iSpring Embedder WordPress plugin allows attackers to trick authenticated administrator...

A Cross-Site Request Forgery (CSRF) vulnerability in the Danny Vink User Profile Meta Manager WordPress plugin allows attackers to trick authenticated...

This vulnerability in the Order Delivery Date WordPress plugin allows unauthenticated attackers to modify critical WordPress settings, including regis...

A Cross-Site Request Forgery (CSRF) vulnerability in the Adam Nowak Buddypress Humanity WordPress plugin allows attackers to trick authenticated users...

A Cross-Site Request Forgery vulnerability in the WP Options Editor WordPress plugin allows attackers to trick authenticated administrators into perfo...

This CSRF vulnerability in Pearlbells WordPress plugins allows attackers to trick authenticated users into performing unintended actions, potentially ...

This vulnerability allows unauthenticated attackers to merge lexemes in WikibaseLexeme without proper authorization. It affects MediaWiki installation...

This SSRF vulnerability in PDFMyURL allows attackers to make the service send requests to internal systems, potentially accessing sensitive data or ex...

DedeCMS v5.7 contains a CSRF vulnerability in the makehtml_homepage.php component that allows attackers to trick authenticated administrators into exe...

This CVE describes a critical Cross-Site Request Forgery vulnerability in Free5GC where attackers can bypass authentication by manipulating tokens or ...

The HTML2WP WordPress plugin through version 1.0.0 allows unauthenticated attackers to upload arbitrary files (including PHP files) to the server due ...

This vulnerability in the Product Table for WooCommerce WordPress plugin allows unauthenticated attackers to execute arbitrary PHP functions on affect...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in certain NETGEAR WiFi extenders. Attackers can trick authenticated users into p...

CVE-2020-23426 is a privilege escalation vulnerability in zzcms 201910 that allows attackers to gain unauthorized administrative access through the /u...

This vulnerability in the XCloner Backup and Restore WordPress plugin allows Cross-Site Request Forgery (CSRF) attacks via almost any endpoint. Attack...

A Cross-Site Request Forgery (CSRF) vulnerability in the ConoHa by GMO WING WordPress Migrator plugin allows attackers to trick authenticated administ...

A Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows attackers to trick authenticated users into executing unintended ...

A Cross-Site Request Forgery (CSRF) vulnerability in Synology's WebAPI Framework allows remote attackers to trick authenticated users into executing a...

A Cross-Site Request Forgery (CSRF) vulnerability in the AR For WordPress plugin allows attackers to trick authenticated administrators into unknowing...

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Custom Post Type Images plugin allows attackers to trick authenticated administrato...

A Cross-Site Request Forgery (CSRF) vulnerability in the Frenify Mow WordPress theme allows attackers to trick authenticated administrators into perfo...

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress ads.txt Guru Connect plugin allows attackers to trick authenticated administrators ...

A Cross-Site Request Forgery (CSRF) vulnerability in the Shahjahan Jewel FluentSnippets WordPress plugin allows attackers to trick authenticated admin...

Sunshine's web UI lacks CSRF protection, allowing attackers to trick authenticated users into executing arbitrary OS commands with Administrator privi...

A Cross-Site Request Forgery (CSRF) vulnerability in the WP Optimizer WordPress plugin allows attackers to trick authenticated administrators into per...

A Cross-Site Request Forgery (CSRF) vulnerability in the WPFactory Custom CSS, JS & PHP WordPress plugin allows attackers to trick authenticated admin...

A Cross-Site Request Forgery vulnerability in WPJobBoard WordPress plugin allows attackers to trick authenticated administrators into executing malici...

A Cross-Site Request Forgery vulnerability in Anant Addons for Elementor WordPress plugin allows attackers to trick authenticated administrators into ...

A Cross-Site Request Forgery (CSRF) vulnerability in the WP shop WordPress plugin allows attackers to trick authenticated administrators into uploadin...

A Cross-Site Request Forgery (CSRF) vulnerability in the Ultra Demo Importer WordPress plugin allows attackers to trick authenticated administrators i...

A Cross-Site Request Forgery (CSRF) vulnerability in the WP e-Commerce Style Email WordPress plugin allows attackers to inject malicious code when adm...

Aim version 3.22.0 has overly permissive CORS settings that allow cross-origin requests from any domain, enabling CSRF attacks on all tracking server ...

A Cross-Site Request Forgery (CSRF) vulnerability in 07FLYCMS v1.3.9 allows remote attackers to trick authenticated users into executing unauthorized ...

A Cross-Site Request Forgery (CSRF) vulnerability in the FancyWP Starter Templates WordPress plugin allows attackers to trick authenticated administra...

A Cross-Site Request Forgery (CSRF) vulnerability in the MetricThemes Munk Sites WordPress plugin allows attackers to trick authenticated administrato...

A Cross-Site Request Forgery (CSRF) vulnerability in the Sourov Amin Insertify WordPress plugin allows attackers to trick authenticated administrators...

This CSRF vulnerability in Hacklog DownloadManager WordPress plugin allows attackers to trick authenticated administrators into uploading malicious we...

This CSRF vulnerability in Liferay's Script Console allows attackers to execute arbitrary Groovy code on affected servers by tricking authenticated ad...

This CSRF vulnerability in the Favicon Generator WordPress plugin allows unauthenticated attackers to delete arbitrary files on the server by tricking...

Spina CMS v2.18.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /admin/layout endpoint that allows attackers to trick authenticate...

ALCASAR versions before 3.6.1 contain a Cross-Site Request Forgery (CSRF) vulnerability in activity.php that allows remote code execution. Attackers c...

This CSRF vulnerability in the Xserver Migrator WordPress plugin allows attackers to trick authenticated administrators into uploading arbitrary files...

This CSRF vulnerability in the DX-Watermark WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions...

This vulnerability allows remote code execution in XWiki Platform when the realtime editor is installed. An attacker can craft a malicious URL or imag...

Multiple CSRF vulnerabilities in Cisco Expressway Series and TelePresence VCS allow unauthenticated remote attackers to trick authenticated users into...

This CSRF vulnerability in pyLoad allows unauthenticated attackers to make arbitrary API calls via malicious GET requests. It affects all pyLoad insta...

This vulnerability in the ARMember WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to PHP object inje...

This vulnerability in the WordPress Job Manager & Career plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to PHP...

This is a critical CSRF vulnerability in XWiki Admin Tools that allows attackers to execute arbitrary shell commands on the server by tricking adminis...

This CSRF vulnerability in the Thumbnail Slider With Lightbox WordPress plugin allows attackers to upload arbitrary files by tricking administrators i...