CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2022-23888 is a Cross-Site Request Forgery (CSRF) vulnerability in YzmCMS v6.3 that allows attackers to trick authenticated users into performing ...

This CSRF vulnerability in Schneider Electric EVlink charging stations allows attackers to perform unauthorized actions by tricking authenticated user...

SPIP 4.0.0 has a CSRF vulnerability in multiple PHP files that allows authenticated attackers to execute malicious actions without user consent. Attac...

This Cross-Site Request Forgery (CSRF) vulnerability in Moodle allows attackers to trick authenticated users into unknowingly deleting badge alignment...

The Simple Download Monitor WordPress plugin before version 3.9.9 lacks proper nonce validation, enabling Cross-Site Request Forgery (CSRF) attacks. A...

This CSRF vulnerability in XootiX WordPress plugins allows attackers to trick authenticated administrators into unknowingly executing malicious action...

This CSRF vulnerability in Quiz And Survey Master WordPress plugin allows attackers to trick administrators into performing unintended actions by visi...

CVE-2022-0197 is a Cross-Site Request Forgery (CSRF) vulnerability in phoronix-test-suite that allows attackers to trick authenticated users into perf...

The Modal Window WordPress plugin before version 5.2.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows authenticated attackers ...

This vulnerability in the WP Coder WordPress plugin allows attackers to include arbitrary files with PHP extensions or via data:// and http:// protoco...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in MediaWiki's MassEditRegex extension. It allows attackers to trick authenticate...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Ultimaker 3D printer web APIs. Attackers can trick authenticated users into ex...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Trendnet AC2600 TEW-827DRU routers. Attackers can trick authenticated users in...

CVE-2021-4168 is a Cross-Site Request Forgery (CSRF) vulnerability in showdoc, a documentation tool. It allows attackers to trick authenticated users ...

CVE-2021-4131 is a Cross-Site Request Forgery (CSRF) vulnerability in Live Helper Chat that allows attackers to trick authenticated users into perform...

This CSRF vulnerability in IBM Cognos Analytics allows attackers to trick authenticated users into performing unauthorized actions on the My Inbox pag...

CVE-2021-44227 is a Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman that allows authenticated list members or moderators to obtain CSRF...

CVE-2021-4017 is a Cross-Site Request Forgery (CSRF) vulnerability in showdoc, a documentation tool. It allows attackers to trick authenticated users ...

This CSRF vulnerability in the Browser and Operating System Finder WordPress plugin allows attackers to trick administrators into performing unintende...

This vulnerability in the Stetic WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks due to missing nonce validatio...

This CSRF vulnerability in Unlimited Sitemap Generator allows attackers to trick authenticated administrators into performing unintended actions by vi...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Moodle's badge deletion functionality. Attackers can trick authenticated users...

Team Password Manager versions before 10.135.236 have a Cross-Site Request Forgery (CSRF) vulnerability during import operations. This allows attacker...

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against WordPress sites using the Easy Registration Forms plu...

This CSRF vulnerability in WP Reset PRO plugin allows attackers to trick authenticated administrators into performing unintended actions, specifically...

This vulnerability in the Simple JWT Login WordPress plugin allows attackers to change plugin settings without proper authentication checks. Attackers...

Calibre-web versions 0.6.0 to 0.6.13 contain a CSRF vulnerability that allows attackers to create admin accounts with attacker-controlled credentials....

CVE-2021-41426 is a Cross-Site Request Forgery (CSRF) vulnerability in Beeline Smart Box 2.0.38 routers that allows attackers to trick authenticated u...

This CSRF vulnerability in the BP Better Messages WordPress plugin allows attackers to trick logged-in users into performing unwanted actions in chat ...

CVE-2021-3901 is a Cross-Site Request Forgery (CSRF) vulnerability in Firefly III personal finance software that allows attackers to trick authenticat...

This CVE describes a cross-site request forgery (CSRF) vulnerability in the Arris Surfboard SB8200 cable modem administration interface. Attackers can...

CVE-2021-3858 is a Cross-Site Request Forgery (CSRF) vulnerability in Snipe-IT that allows attackers to trick authenticated users into performing unin...

This CSRF vulnerability in KindEditor 4.1.x allows attackers to trick authenticated users into performing unintended file uploads via malicious reques...

This CSRF vulnerability in Cybozu Remote Service management screens allows attackers to trick authenticated administrators into performing unintended ...

This CSRF vulnerability in the Software License Manager WordPress plugin allows attackers to trick authenticated administrators into performing unauth...

A CSRF vulnerability in webTareas version 2.4 and earlier allows attackers to trick authenticated administrators into unknowingly creating new adminis...

IBM Sterling File Gateway versions 2.2.0.0 through 6.1.1.0 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to trick au...

This CSRF vulnerability in IBM Sterling B2B Integrator allows attackers to trick authenticated users into performing unauthorized actions by sending m...

This CSRF vulnerability in the Countdown and CountUp WordPress plugin allows attackers to trick authenticated administrators into executing malicious ...

This CSRF vulnerability in Concrete CMS allows attackers to trick authenticated users into unknowingly adding malicious calendar events. Attackers can...

CVE-2021-3819 is a Cross-Site Request Forgery (CSRF) vulnerability in firefly-iii personal finance software. It allows attackers to trick authenticate...

This CSRF vulnerability in YzmCMS v5.5 allows attackers to trick authenticated users into performing unintended actions by submitting malicious reques...

This CSRF vulnerability in TinyFileManager allows attackers to trick authenticated administrators into executing malicious requests, leading to arbitr...

This CSRF vulnerability in MetInfo 7.0.0 allows attackers to trick authenticated administrators into performing unauthorized actions by visiting a mal...

The Fileviewer WordPress plugin through version 2.2 lacks CSRF protection for file upload and delete operations. This allows attackers to trick logged...

This CSRF vulnerability in MipCMS v5.0.1 allows attackers to trick authenticated users into performing unauthorized privilege escalation actions. By c...

CVE-2021-38705 is a Cross-Site Request Forgery vulnerability in ClinicCases 7.3.3 that allows attackers to trick authenticated users into performing u...

This CSRF vulnerability in iWebShop v5.3 allows attackers to trick authenticated administrators into executing arbitrary code via a malicious POST req...

This vulnerability in Jenkins Azure AD Plugin allows attackers to bypass Cross-Site Request Forgery (CSRF) protection by crafting malicious URLs. Atta...

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against Zoho ManageEngine Log360 proxy settings. Attackers ca...