CWE-352: Cross-Site Request Forgery (CSRF)

This vulnerability in eDoc Intelligence LLC's eDoc Easy Tables WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks ...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Post Ideas plugin that can lead to SQL injection. Attackers can ...

This vulnerability in the Back Link Tracker WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Blind ...

A Cross-Site Request Forgery (CSRF) vulnerability in the SafetyForms WordPress plugin allows attackers to trick authenticated administrators into perf...

A Cross-Site Request Forgery (CSRF) vulnerability in the Apa Banner Slider WordPress plugin allows attackers to trick authenticated administrators int...

This CVE describes a Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability in Owncast versions 0.1.2 and prior. Attackers can exploit th...

An unauthenticated CSRF vulnerability in Cisco Expressway Series and TelePresence VCS SOAP API allows attackers to trick authenticated users into exec...

CVE-2021-41260 is a Cross-Site Request Forgery (CSRF) vulnerability in Galette, a membership management web application for non-profit organizations. ...

FastAPI versions below 0.65.2 are vulnerable to CSRF attacks when using cookie-based authentication with JSON payloads. The vulnerability allows attac...

This CSRF vulnerability in Chamilo LMS allows attackers to trick authenticated trainers into deleting projects within courses without their consent. T...

PolarLearn's OAuth 2.0 implementation for GitHub and Google login is vulnerable to Login CSRF due to missing state parameter validation. This allows a...

This CSRF vulnerability in Drupal Acquia Content Hub allows attackers to trick authenticated administrators into performing unintended actions by craf...

A Cross-Site Request Forgery (CSRF) vulnerability in the Drupal Login Time Restriction module allows attackers to trick authenticated users into perfo...

This CVE describes a cross-site request forgery (CSRF) vulnerability in Medical Informatics Engineering Enterprise Health software. Unauthenticated at...

This CSRF vulnerability in the WordPress Restrict File Access plugin allows unauthenticated attackers to delete arbitrary files on the server by trick...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in GitLab's GraphQL API that allows attackers to trick authenticated users into e...

This vulnerability in the Offload Videos WordPress plugin allows attackers to change plugin settings without the administrator's consent via Cross-Sit...

A Cross-Site Request Forgery vulnerability in ERPNEXT allows attackers to trick authenticated users into performing unauthorized actions like deleting...

This CSRF vulnerability in Drupal's GDPR module allows attackers to trick authenticated users into performing unintended actions without their consent...

A Cross-Site Request Forgery (CSRF) vulnerability in Danswer AI version 1.4.1 allows attackers to trick authenticated users into performing unauthoriz...

This CSRF vulnerability in netease-youdao/qanything's backend API allows attackers to trick authenticated users into performing unauthorized actions v...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in eosphoros-ai/db-gpt version 0.6.0 where the server's CORS middleware allows al...

This CSRF vulnerability in the Ultimate Classified Listings WordPress plugin allows unauthenticated attackers to change victim email addresses by tric...

This Cross-Site Request Forgery (CSRF) vulnerability in Lexmark devices allows attackers to trick authenticated users into submitting malicious reques...

The Reset plugin for WordPress has a CSRF vulnerability that allows unauthenticated attackers to trick administrators into clicking malicious links th...

This vulnerability in Geovision GV-ASWeb allows attackers to modify POST requests to GET requests against critical account management functions. When ...

Grocy versions through 4.3.0 lack Cross-Site Request Forgery (CSRF) protection, allowing attackers to trick authenticated users into performing uninte...

Ampache versions before 7.0.1 have a CSRF vulnerability in token parsing when activating/deactivating controllers, allowing attackers to trick authent...

Ampache versions before 7.0.1 have a CSRF vulnerability in catalog activation/deactivation functions. Attackers can trick authenticated administrators...

This CSRF vulnerability in lunary-ai/lunary version 1.2.34 allows attackers to perform unauthorized actions like creating projects by exploiting overl...

The WooCommerce Customers Manager WordPress plugin before version 30.1 lacks CSRF protection on certain bulk actions, allowing attackers to trick logg...

This vulnerability in the CM Email Registration Blacklist and Whitelist WordPress plugin allows attackers to trick logged-in administrators into addin...

A cross-site request forgery (CSRF) vulnerability in Sola Testimonials WordPress plugin versions before 3.0.0 allows attackers to trick authenticated ...

A Cross-Site Request Forgery (CSRF) vulnerability in the stitionai/devika application allows attackers to trick authenticated users into performing un...

This CSRF vulnerability in parisneo/lollms-webui allows attackers to trick authenticated users into unknowingly clearing personality files via malicio...

CVE-2024-33830 is a Cross-Site Request Forgery vulnerability in idccms v1.35 that allows attackers to trick authenticated administrators into performi...

This CSRF vulnerability in ESPHome's dashboard component allows attackers to perform unauthorized configuration file operations (create, edit, delete)...

CVE-2024-28195 is a Cross-Site Request Forgery (CSRF) vulnerability in your_spotify, an open-source self-hosted Spotify tracking dashboard. Attackers ...

This CSRF vulnerability in the 3dprint WordPress plugin allows attackers to delete arbitrary files and directories on the server by tricking an authen...

This CSRF vulnerability in Jenkins HTMLResource Plugin allows attackers to trick authenticated users into executing malicious requests that delete arb...

A cross-site request forgery (CSRF) vulnerability in CubeCart e-commerce software allows unauthenticated remote attackers to delete data from the syst...

SPA-Cart 1.9.0.3 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated administrators into unknowing...

This CSRF vulnerability in Archer Platform allows authenticated attackers to execute arbitrary code via crafted requests. It affects Archer Platform v...

A Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX v4.0.0-6 allows remote attackers to delete user groups via forged requests, causing d...

This CSRF vulnerability in the WPLMS WordPress theme allows attackers to trick authenticated administrators into performing unintended actions. It aff...

This CVE describes a cross-site request forgery (CSRF) vulnerability in OpenNMS Meridian and Horizon monitoring platforms. Attackers can manipulate fo...

This vulnerability in NextAuth.js allows attackers to bypass authentication and log in as victims by intercepting and tampering with OAuth authorizati...

The HTML2WP WordPress plugin through version 1.0.0 contains an authorization bypass vulnerability in an AJAX endpoint that allows any authenticated us...

This CSRF vulnerability in MiniCMS v1.11 allows attackers to trick authenticated users into clicking malicious links that delete local .dat files. Any...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the One Click Plugin Updater WordPress plugin. Attackers can trick logged-in a...