CWE-352: Cross-Site Request Forgery (CSRF)

This vulnerability in XWiki allows attackers to determine whether an email address has an associated user account and identify the corresponding usern...

This Cross-Site Request Forgery (CSRF) vulnerability in GitLab allows attackers to trick authenticated users into unknowingly importing GitHub project...

The Directorist WordPress plugin before version 7.0.6.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick auth...

This vulnerability affects F5 BIG-IP Advanced WAF, ASM, and NGINX App Protect when configured with CSRF-enabled policies. An attacker can send special...

Apache MyFaces Core uses cryptographically weak CSRF tokens in default configurations, allowing attackers to potentially predict future token values a...

This CSRF vulnerability in the POEditor WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions, sp...

A Cross-Site Request Forgery (CSRF) vulnerability in the wphobby Backwp WordPress plugin allows attackers to trick authenticated administrators into p...

A Cross-Site Request Forgery (CSRF) vulnerability in the Vladimir Prelovac Plugin Central WordPress plugin allows attackers to trick authenticated adm...

This CSRF vulnerability in Bill Minozzi WP Tools WordPress plugin allows attackers to trick authenticated administrators into performing unintended ac...

CVE-2024-26153 is a CSRF vulnerability in ETIC Telecom Remote Access Server (RAS) that allows attackers to trick authenticated users into submitting m...

This CSRF vulnerability in Cisco Expressway Series and TelePresence VCS REST API allows unauthenticated remote attackers to trick authenticated users ...

This CSRF vulnerability in Seraphinite Accelerator WordPress plugin allows attackers to trick authenticated administrators into performing unintended ...

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /system/share/ztree_category_edit endpoint. This allows attackers to tri...

CVE-2022-0088 is a Cross-Site Request Forgery (CSRF) vulnerability in YOURLS URL shortener software versions prior to 1.8.3. This allows attackers to ...

This vulnerability in Flask-Security-Too allows attackers to steal authentication tokens via CSRF attacks on unprotected GET requests to /login and /c...

CVE-2020-5745 is a cross-site request forgery (CSRF) vulnerability in TCExam that allows attackers to trick authenticated users into performing uninte...

This vulnerability allows authenticated users in Traccar GPS tracking systems to steal OAuth 2.0 authorization codes via open redirect in OIDC endpoin...

This CSRF vulnerability in the Travelpayouts WordPress plugin allows attackers to trick logged-in administrators into unknowingly changing plugin sett...

This CSRF vulnerability in Code Astro Internet Banking System 2.0.0 allows attackers to execute arbitrary JavaScript on the admin page by tricking adm...

EmbedAI applications are vulnerable to data poisoning attacks via CSRF due to insecure session management and weak CORS policies. Attackers can trick ...

The Bulgarisation for WooCommerce WordPress plugin has a CSRF vulnerability that allows unauthenticated attackers to trick administrators into perform...

This critical CSRF vulnerability in Navetti PricePoint 4.6.0.0 allows attackers to trick authenticated users into performing unintended actions by sen...

The UberMenu WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to 3.8.3. This allows unauthenticated attackers to del...

OpenClaw versions before 2026.2.14 have an OAuth state validation bypass in the manual Chutes login flow that allows attackers to bypass CSRF protecti...

This vulnerability in the Simple XML Sitemap WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Store...

This CSRF vulnerability in the DASHBOARD BUILDER WordPress plugin allows unauthenticated attackers to trick administrators into modifying SQL queries ...

A Cross-Site Request Forgery (CSRF) vulnerability in the Themefy Bloggie WordPress theme allows attackers to inject malicious scripts via reflected XS...

A Cross-Site Request Forgery (CSRF) vulnerability in Zoho ZeptoMail WordPress plugin allows attackers to inject malicious scripts that become stored X...

This CSRF vulnerability in the WordPress Noindex by Path plugin allows attackers to trick authenticated administrators into performing unintended acti...

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Recent Posts From Each Category plugin allows attackers to inject malicious scripts...

A Cross-Site Request Forgery (CSRF) vulnerability in the Page Carbajal Custom Post Status WordPress plugin allows attackers to perform stored cross-si...

This CSRF vulnerability in the Wolfgang Häfelinger Custom Style WordPress plugin allows attackers to trick authenticated administrators into performi...

A Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr WordPress plugin allows attackers to inject malicious scripts that e...

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress SensitiveTagCloud plugin allows attackers to inject malicious scripts that execute ...

A Cross-Site Request Forgery (CSRF) vulnerability in the WP-EasyArchives WordPress plugin allows attackers to inject malicious scripts that execute wh...

A Cross-Site Request Forgery (CSRF) vulnerability in the eLEOPARD Behance Portfolio Manager WordPress plugin allows attackers to inject malicious scri...

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Simple Archive Generator plugin allows attackers to trick authenticated administrat...

A Cross-Site Request Forgery (CSRF) vulnerability in the Hoernerfranz WP-CalDav2ICS WordPress plugin allows attackers to perform unauthorized actions ...

This CSRF vulnerability in Restajet Online Food Delivery System allows attackers to trick authenticated users into performing unintended actions on th...

KeePassXC-Browser versions through 1.9.9.2 automatically fill or prompt to fill stored credentials into documents rendered under browser-enforced CSP ...

This CSRF vulnerability in 1Panel allows attackers to change the web service port when authenticated users visit malicious pages. Affected users are t...

This CSRF vulnerability in 1Panel allows attackers to change authenticated users' usernames without consent via malicious webpages. When exploited, vi...

A Cross-Site Request Forgery (CSRF) vulnerability in the Jacques Malgrange Rencontre WordPress plugin allows attackers to perform stored cross-site sc...

This CSRF vulnerability in the WordPress New User Approve plugin allows attackers to trick administrators into performing unintended actions. Attacker...

This Cross-Site Request Forgery (CSRF) vulnerability in PDF Creator Lite WordPress plugin allows attackers to trick authenticated administrators into ...

This CSRF vulnerability in the WP sIFR WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, leadi...

This CSRF vulnerability in the WordPress Create Posts & Terms plugin allows attackers to trick authenticated administrators into performing unintended...

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Reflected Cross-Site Scripting (XSS) in the Alle...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the FanBridge WordPress plugin that allows attackers to inject malicious scrip...

This CSRF vulnerability in SUMO Memberships for WooCommerce allows attackers to trick authenticated administrators into performing unintended actions....