CWE-352: Cross-Site Request Forgery (CSRF)

This CSRF vulnerability in the WPMK Ajax Finder WordPress plugin allows attackers to inject malicious scripts into WordPress admin settings pages. Att...

This CSRF vulnerability in the Mobile browser color select WordPress plugin allows attackers to inject malicious scripts by tricking administrators in...

The Copify WordPress plugin up to version 1.3.0 has a CSRF vulnerability that allows attackers to trick administrators into changing plugin settings a...

This vulnerability in the Genki Pre-Publish Reminder WordPress plugin allows attackers to trick logged-in administrators into changing plugin settings...

The Hot Linked Image Cacher WordPress plugin through version 1.16 is vulnerable to Cross-Site Request Forgery (CSRF). This allows attackers to trick a...

This CSRF vulnerability in IBM Spectrum Copy Data Management allows attackers to trick authenticated users into performing unauthorized actions on the...

Delta Controls enteliTOUCH building automation controllers have a cross-site request forgery (CSRF) vulnerability that allows attackers to execute arb...

This CSRF vulnerability in MCMS 5.2.7 allows attackers to create unauthorized administrator accounts by tricking authenticated users into visiting mal...

CVE-2022-30014 is a Cross-Site Request Forgery (CSRF) vulnerability in Lumidek Associates Simple Food Website 1.0 that allows attackers to perform una...

This CSRF vulnerability in Online Banquet Booking System v1.0 allows attackers to trick authenticated administrators into unknowingly changing their o...

This CSRF vulnerability in TIBCO BusinessConnect Trading Community Management allows unauthenticated attackers to trick authenticated users into perfo...

This vulnerability allows attackers to execute arbitrary code on WordPress sites running the Code Snippets Extended plugin version 1.4.7 or earlier. A...

A CSRF vulnerability in Jenkins Autocomplete Parameter Plugin allows attackers to trick authenticated administrators into executing arbitrary code wit...

This CSRF vulnerability in Jenkins SSH Plugin allows attackers to trick authenticated users into unknowingly connecting to attacker-controlled SSH ser...

This vulnerability allows attackers to trick logged-in WordPress administrators into uploading malicious files via Cross-Site Request Forgery (CSRF). ...

This CSRF vulnerability in Mahara allows attackers to trick authenticated users into performing unintended actions by exploiting easily guessable rand...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Analytics versions 11.1.7 and 11.2.0. An attacker could trick authe...

This CSRF vulnerability in the MicroPayments WordPress plugin allows unauthenticated attackers to trick administrators into performing unintended acti...

This vulnerability allows remote attackers to execute arbitrary code on Selenium Grid/Standalone Server instances via DNS rebinding attacks. Attackers...

This CSRF vulnerability in Jenkins Publish Over FTP Plugin allows attackers to trick authenticated users into connecting to attacker-controlled FTP se...

This is a Cross-Site Request Forgery (CSRF) vulnerability in Siemens SCALANCE industrial network switches. Attackers can trick authenticated users int...

This CSRF vulnerability in Webmin 1.973 allows attackers to trick authenticated administrators into performing unauthorized file uploads or downloads ...

This CSRF vulnerability in Webmin's File Manager allows attackers to trick authenticated administrators into performing unauthorized file operations. ...

This CSRF vulnerability in qdPM 9.2 allows attackers to trick authenticated users into performing unintended actions via the myAccount/update endpoint...

This CSRF vulnerability in Firmware Analysis and Comparison Tool v3.2 allows attackers to perform unauthorized actions as logged-in administrators by ...

This CSRF vulnerability in Pluck CMS v4.7.15 allows attackers to trick authenticated users into unknowingly changing their passwords via malicious req...

This CSRF vulnerability in Jenkins Job and Node ownership Plugin allows attackers to change job owners and permissions without authentication. It affe...

This CSRF vulnerability in Jenkins JiraTestResultReporter Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-con...

This vulnerability in the Sermon Browser WordPress plugin allows attackers to trick logged-in administrators into uploading malicious files like PHP s...

This vulnerability in the Translate WordPress with GTranslate plugin allows attackers to steal admin session cookies via CSRF attacks. Attackers can t...

TypesetterCMS v5.1 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unint...

This CSRF vulnerability in xiaohuanxiong CMS allows attackers to create unauthorized administrator accounts by tricking legitimate administrators into...

This CSRF vulnerability in Chamilo LMS allows attackers to trick authenticated users into executing arbitrary commands on the server by clicking a mal...

BigAnt Server v5.6.06 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing un...

A cross-site request forgery (CSRF) vulnerability in Jenkins Extended Choice Parameter Plugin allows attackers to trick authenticated users into makin...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.13.xxx. ...

PONTON X/P Messenger versions before 3.11.2 have globally valid anti-CSRF tokens, allowing attackers to use low-privileged user tokens to perform acti...

This CSRF vulnerability in Subrion CMS allows remote attackers to create arbitrary administrator accounts without authentication by tricking authentic...

The Core Tweaks WP Setup WordPress plugin through version 4.1 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to chan...

This vulnerability in JetBrains TeamCity allows attackers to inject malicious URLs that can lead to Cross-Site Request Forgery (CSRF) attacks. It affe...

This CSRF vulnerability in FileCloud's CSV user import functionality allows attackers to trick authenticated administrators into unknowingly creating ...

This CSRF vulnerability in Jenkins dbCharts Plugin allows attackers to trick authenticated users into making unauthorized database connections via JDB...

This CSRF vulnerability in Jenkins Chef Sinatra Plugin allows attackers to trick authenticated Jenkins users into making unauthorized HTTP requests to...

The Jenkins Snow Commander Plugin contains a CSRF vulnerability that allows attackers to trick authenticated users into unknowingly connecting Jenkins...

This CSRF vulnerability in Jenkins autonomiq Plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-cont...

This CSRF vulnerability in Jenkins SCP publisher Plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-...

This CSRF vulnerability in Jenkins Checkmarx Plugin allows attackers to trick authenticated users into connecting to malicious servers using stolen cr...

This vulnerability in the SupportCandy WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that can set malicious f...

This CSRF vulnerability in Schneider Electric Modicon PLCs allows attackers to trick authenticated users into performing unauthorized actions or leaki...

IBM Financial Transaction Manager 3.2.4 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users ...