CWE-352: Cross-Site Request Forgery (CSRF)

This CSRF vulnerability in Archer Platform allows authenticated attackers to execute arbitrary code via crafted requests. It affects Archer Platform v...

A Cross-Site Request Forgery (CSRF) vulnerability in Issabel PBX v4.0.0-6 allows remote attackers to delete user groups via forged requests, causing d...

This CSRF vulnerability in the WPLMS WordPress theme allows attackers to trick authenticated administrators into performing unintended actions. It aff...

This CVE describes a cross-site request forgery (CSRF) vulnerability in OpenNMS Meridian and Horizon monitoring platforms. Attackers can manipulate fo...

This vulnerability in NextAuth.js allows attackers to bypass authentication and log in as victims by intercepting and tampering with OAuth authorizati...

The HTML2WP WordPress plugin through version 1.0.0 contains an authorization bypass vulnerability in an AJAX endpoint that allows any authenticated us...

This CSRF vulnerability in MiniCMS v1.11 allows attackers to trick authenticated users into clicking malicious links that delete local .dat files. Any...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the One Click Plugin Updater WordPress plugin. Attackers can trick logged-in a...

This Cross-Site Request Forgery (CSRF) vulnerability in the Access Demo Importer WordPress plugin allows attackers to trick authenticated administrato...

This CSRF vulnerability in the Visual Form Builder WordPress plugin allows attackers to trick logged-in administrators or editors into performing unau...

This vulnerability in the miniOrange Google Authenticator WordPress plugin allows unauthenticated attackers to delete arbitrary WordPress options via ...

The Support Board WordPress plugin before version 3.3.6 lacks CSRF protection in its AJAX handlers, allowing attackers to trick logged-in administrato...

The Images to WebP WordPress plugin before version 1.9 lacks CSRF protection for administrative actions, allowing attackers to trick authenticated adm...

This CSRF vulnerability in PiranhaCMS allows attackers to trick authenticated administrators into performing unauthorized actions like deleting users,...

This CSRF vulnerability in the Print My Blog WordPress plugin allows attackers to trick logged-in administrators into deactivating the plugin and dele...

This CSRF vulnerability in the Nested Pages WordPress plugin allows attackers to trick authenticated administrators into performing unauthorized actio...

This CSRF vulnerability in Ponzu CMS 0.11.0 allows attackers to trick authenticated users into performing unauthorized actions through malicious reque...

This Cross-Site Request Forgery (CSRF) vulnerability in the Patreon WordPress plugin allows attackers to trick logged-in users into executing unauthor...

This vulnerability in the Database Backups WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks, enabling them to tr...

This CSRF vulnerability in Cisco NX-OS NX-API allows unauthenticated remote attackers to trick authenticated users into executing malicious requests, ...

OpenPLC_V3 lacks CSRF protection, allowing attackers to trick logged-in administrators into clicking malicious links that modify PLC settings or uploa...

This is a cross-site request forgery (CSRF) vulnerability in Apple's WebKit browser engine that could allow memory corruption when processing maliciou...

FlatPress CMS has a CSRF vulnerability that allows attackers to enable or disable plugins on behalf of authenticated users. Attackers can craft malici...

This CSRF vulnerability in OpenMRS 2.4.3 allows attackers to perform unauthorized administrative actions by tricking authenticated users into submitti...

This CSRF vulnerability in tianti v2.3 allows attackers to trick authenticated users into performing unintended actions via malicious requests to /use...

This CSRF vulnerability in Wangmarket v4.10 to v5.0 allows attackers to trick authenticated users into performing unintended actions via malicious req...

This CSRF vulnerability in TYPO3's backend allows attackers to trick authenticated backend users into executing unauthorized actions via malicious lin...

This CSRF vulnerability in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to trick administrators into performing privileged actions, pote...

CVE-2020-11919 is a Cross-Site Request Forgery (CSRF) vulnerability in Siime Eye 14.1.00000001.3.330.0.0.3.14 that allows attackers to trick authentic...

Apache CloudStack has a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unauthorize...

Advantech ADAM-5630 industrial controllers contain a CSRF vulnerability that allows attackers to trick authenticated users into performing unauthorize...

A Cross-Site Request Forgery (CSRF) vulnerability in Kashipara Music Management System v1.0 allows attackers to trick authenticated users into perform...

This vulnerability involves predictable CSRF tokens that allow attackers to craft malicious requests. When victims unknowingly trigger these requests,...

A Cross-Site Request Forgery (CSRF) vulnerability in ePolicy Orchestrator (ePO) allows low-privileged remote users to add new administrator accounts b...

This is a Cross-Site Request Forgery (CSRF) vulnerability in Jenkins where insufficient URL escaping allows attackers to trick authenticated users int...

A CSRF vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to trick authenticated users into performing unauthorized ...

This CSRF vulnerability in Jenkins Recipe Plugin allows attackers to trick authenticated users into making unintended HTTP requests to attacker-contro...

A CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin allows attackers with Overall/Read permission to trick authenticated users into conne...

A cross-site request forgery (CSRF) vulnerability in Zyxel ARMOR Z1/Z2 router firmware allows attackers to execute arbitrary commands by tricking auth...

This vulnerability in the WP Extra File Types WordPress plugin allows attackers to trick logged-in administrators into changing plugin settings withou...

This CSRF vulnerability in Rockoa v1.9.8 allows authenticated attackers to create unauthorized administrator accounts by tricking legitimate users int...

CVE-2021-42097 is a Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman that allows privilege escalation. An attacker can obtain a CSRF tok...

This is a Cross-Site Request Forgery (CSRF) vulnerability in Dada Mail that allows attackers to perform unauthorized actions as authenticated users. W...

This CSRF vulnerability in Cybozu Garoon allows authenticated attackers to trick administrators into performing unintended actions by exploiting their...

This CSRF vulnerability in DamiCMS v6.0.6 allows attackers to create unauthorized admin accounts by tricking authenticated administrators into visitin...

CVE-2021-21407 is a Cross-Site Request Forgery (CSRF) vulnerability in Combodo iTop that allows attackers to bypass CSRF token validation through a tr...

A Cross-Site Request Forgery (CSRF) vulnerability in Star Practice Management Web allows attackers to change user privileges, including granting thems...

This CSRF vulnerability in EgavilanMedia User Registration & Login System 1.0 allows attackers to trick authenticated users into submitting malicious ...

This CSRF vulnerability in Smartvista BackOffice allows attackers to trick authenticated users into performing unintended actions via crafted GET requ...

A CSRF vulnerability in saTECH BCU firmware version 2.1.3 allows attackers to trick authenticated administrators into executing unauthorized actions. ...