CWE-352: Cross-Site Request Forgery (CSRF)

This CSRF vulnerability in WSO2 products allows attackers to trick authenticated users into performing unintended administrative actions by clicking m...

A Cross-Site Request Forgery (CSRF) vulnerability in Simple-Faucet-Script v1.07 allows attackers to execute arbitrary code via crafted POST requests t...

A cross-site request forgery (CSRF) vulnerability in QuLog Center allows attackers to trick authenticated users into performing unintended actions. Th...

This CSRF vulnerability in the WP GDPR Cookie Consent WordPress plugin allows attackers to trick authenticated administrators into executing malicious...

This vulnerability in the WordPress Block Country plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cro...

This vulnerability in the Slick Google Map WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored ...

This vulnerability in the WordPress wpNamedUsers plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cros...

This vulnerability in the ZIPANG Simple Stripe WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Sto...

This vulnerability allows attackers to perform unauthorized actions on behalf of authenticated users by exploiting the lack of CSRF protection in BLU-...

A Cross-Site Request Forgery (CSRF) vulnerability in the NikanWP WooCommerce Reporting plugin allows attackers to perform stored cross-site scripting ...

This CSRF vulnerability in Simple Content Templates for WordPress allows attackers to trick authenticated administrators into performing unintended ac...

This Cross-Site Request Forgery (CSRF) vulnerability in the Awesome Testimonials WordPress plugin allows attackers to inject malicious scripts that ex...

This CSRF vulnerability in the WP Business Hours WordPress plugin allows attackers to trick authenticated administrators into performing unintended ac...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the wpdevart Pricing Table builder WordPress plugin that leads to Stored Cross...

A Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Brands for WooCommerce allows attackers to trick authenticated administrators into perf...

This CSRF vulnerability in the Simple Registration for WooCommerce WordPress plugin allows unauthenticated attackers to trick administrators into appr...

This CSRF vulnerability in the IndieAuth WordPress plugin allows attackers to trick authenticated users into approving malicious OAuth authorization r...

Apache Geode's Management and Monitoring REST API is vulnerable to Cross-Site Request Forgery (CSRF) attacks via GET requests. An attacker who obtains...

The Theme Editor WordPress plugin has a Cross-Site Request Forgery vulnerability that allows unauthenticated attackers to execute arbitrary code remot...

The TextBuilder WordPress plugin (versions 1.0.0 to 1.1.1) has a CSRF vulnerability that allows unauthenticated attackers to trick administrators into...

This CSRF vulnerability in LXD-UI allows attackers to create and start container instances without user consent by tricking authenticated users into s...

A Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core WordPress plugin allows attackers to bypass authentication and perform unaut...

A Cross-Site Request Forgery (CSRF) vulnerability in the Anps Constructo WordPress theme allows attackers to trick authenticated users into performing...

A Cross-Site Request Forgery (CSRF) vulnerability in the ApusTheme Findgo WordPress theme allows attackers to trick authenticated users into performin...

A Cross-Site Request Forgery (CSRF) vulnerability in the CouponXxL WordPress theme allows attackers to trick authenticated users into performing unint...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in multiple Ivanti security products that allows an unauthenticated remote attack...

This Cross-Site Request Forgery (CSRF) vulnerability in the INVELITY MyGLS connect WordPress plugin allows attackers to trick authenticated administra...

This CSRF vulnerability in the Video Share VOD WordPress plugin allows attackers to trick administrators into executing malicious actions. When exploi...

This CSRF vulnerability in old-peanut Open-Shop allows attackers to trick authenticated users into submitting malicious POST requests, potentially exp...

This CSRF vulnerability in Basix NEX-Forms WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions....

A Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy WordPress plugin allows attackers to perform PHP object injection attacks. Th...

A Cross-Site Request Forgery (CSRF) vulnerability in the ApusTheme Findgo WordPress theme allows attackers to trick authenticated administrators into ...

This CSRF vulnerability in MediaWiki's SecurePoll extension allows attackers to trick administrators into performing unauthorized sensitive actions li...

A Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software's IS-theme-companion WordPress plugin allows attackers to trick authenticated adm...

A Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager WordPress plugin allows attackers to trick authenticated adminis...

CVE-2025-41661 allows unauthenticated remote attackers to execute arbitrary commands with root privileges on affected devices due to missing CSRF prot...

A Cross-Site Request Forgery (CSRF) vulnerability in Drupal's Restrict route by IP module allows attackers to trick authenticated administrators into ...

A Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows attackers to trick authenticated users into performi...

This CSRF vulnerability in the NewsBlogger WordPress theme allows unauthenticated attackers to trick administrators into executing malicious actions. ...

A Cross-Site Request Forgery vulnerability in Zimbra Collaboration's GraphQL endpoint allows attackers to perform unauthorized operations when authent...

This CSRF vulnerability in Moodle's Brickfield tool allows attackers to trick authenticated users into unknowingly submitting analysis requests. Any M...

A Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WordPress plugin allows attackers to trick authenticated administrators into performi...

A Cross-Site Request Forgery (CSRF) vulnerability in the Purab Seo Meta Tags WordPress plugin allows attackers to trick authenticated administrators i...

The WPFront User Role Editor WordPress plugin has a CSRF vulnerability in all versions up to 4.2.1 that allows unauthenticated attackers to change def...

This CSRF vulnerability in Drupal Cache Utility allows attackers to trick authenticated users into performing unintended actions on their behalf. It a...

This CSRF vulnerability in Drupal AI allows attackers to trick authenticated users into performing unintended actions on the Drupal site. It affects D...

The Booknetic WordPress plugin before version 4.1.5 lacks CSRF protection when creating Staff accounts, allowing attackers to trick logged-in administ...

This CSRF vulnerability in the EZ SQL Reports Shortcode Widget and DB Backup WordPress plugin allows attackers to execute arbitrary code on the server...

This vulnerability allows non-admin users to execute arbitrary code remotely via CSRF attacks in open-webui versions up to 0.3.8. Attackers can craft ...

A CSRF vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to trick authenticated users into uploading malicious files without th...