CWE-352: Cross-Site Request Forgery (CSRF)

This vulnerability in the IP2Location Country Blocker WordPress plugin allows attackers to trick logged-in administrators into blocking arbitrary coun...

The IP2Location Country Blocker WordPress plugin before version 2.26.5 lacks proper authorization and CSRF protection in its AJAX endpoint, allowing a...

This CSRF vulnerability in GitLab's GraphQL API allows attackers to execute mutations as authenticated users without their consent. It affects GitLab ...

CVE-2020-10771 is a CSRF vulnerability in Infinispan 10 that allows attackers to perform unauthorized actions via GET requests. This affects systems r...

This CSRF vulnerability in Jenkins Xray plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-controlle...

This CSRF vulnerability in Jenkins P4 Plugin allows attackers to trick authenticated users into connecting Jenkins to a malicious Perforce server with...

This CSRF vulnerability in PyroCMS allows attackers to trick authenticated admin users into unknowingly deleting arbitrary plugins via a malicious lin...

This CSRF vulnerability in SourceCodester Stock Management System v1.0 allows attackers to change authenticated users' usernames without their consent...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Rumpus FTP Web File Manager's web settings interface. Attackers can trick auth...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in McAfee Endpoint Security's ePO extension that allows attackers to execute arbi...

This CSRF vulnerability in open-webui/open-webui v0.3.8 allows attackers to trick authenticated users into performing sensitive actions like deleting ...

This vulnerability in the Newsletter Popup WordPress plugin allows attackers to trick logged-in administrators into deleting subscribers without their...

This CSRF vulnerability in edu Business Solutions Print Shop Pro WebDesk allows attackers to trick authenticated users into performing unintended acti...

This CSRF vulnerability in RiteCMS v3.1.0 allows attackers to create or edit website pages without authorization by tricking authenticated administrat...

This Cross-Site Request Forgery (CSRF) vulnerability in Kiteworks MFT allows attackers to trick administrators into browsing malicious pages, potentia...

A Cross-Site Request Forgery (CSRF) vulnerability in HCL Glovius Cloud allows attackers to trick authenticated users into performing unintended action...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability affecting omni-administrator users in Liferay Portal and DXP. Attackers can trick...

This CSRF vulnerability in Drupal Google Tag allows attackers to trick authenticated administrators into performing unauthorized actions, such as modi...

Wangmarket v4.10 to v5.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the AgencyUserController component. This allows attackers to tr...

SAP Commerce sets authentication cookies with SameSite=None by default, making them vulnerable to cross-site request forgery (CSRF) attacks. This affe...

PwnDoc lacks CSRF protection, allowing attackers to perform actions on behalf of logged-in users without their consent. This affects all PwnDoc instan...

The Favicon Generator WordPress plugin before version 2.1 contains two critical vulnerabilities: missing file upload validation and missing CSRF prote...

CVE-2024-45172 is a cross-site request forgery (CSRF) vulnerability in za-internet C-MOR Video Surveillance web interface that allows attackers to tri...

A Cross-Site Request Forgery (CSRF) vulnerability in Kashipara Hotel Management System v1.0 allows attackers to trick authenticated administrators int...

Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 lack CSRF protection on the AI Agent API endpoint. This allows attackers to craft malici...

IBM DB2 Recovery Expert for Linux, UNIX and Windows version 5.5 Interim Fix 002 is vulnerable to cross-site request forgery (CSRF). This allows attack...

This CSRF vulnerability in Open eClass allows attackers to trick authenticated teachers into performing unauthorized actions like modifying assignment...

CVE-2025-70899 is a Cross-Site Request Forgery vulnerability in PHPgurukul Online Course Registration v3.1 that allows attackers to perform unauthoriz...

CVE-2021-47830 is a CSRF vulnerability in GetSimple CMS My SMTP Contact Plugin 1.1.1 that allows attackers to trick authenticated administrators into ...

CVE-2021-47754 is a cross-site request forgery (CSRF) vulnerability in Arunna 1.0.0 that allows attackers to manipulate authenticated users into submi...

A Cross-Site Request Forgery (CSRF) vulnerability in Everest Backup WordPress plugin allows attackers to trick authenticated administrators into perfo...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System web managemen...

This cross-site request forgery vulnerability in Sony SNC-CX600W IP cameras allows attackers to trick authenticated users into performing unintended o...

This CSRF vulnerability in Magewell Pro Convert allows attackers to create arbitrary user accounts without authorization by tricking authenticated adm...

A cross-site request forgery (CSRF) vulnerability in LogStare Collector allows attackers to trick authenticated users into performing unintended opera...

This CSRF vulnerability in HasThemes WP Plugin Manager allows attackers to trick authenticated WordPress administrators into performing unintended act...

This CSRF vulnerability in the WordPress Auto Prune Posts plugin allows attackers to trick authenticated administrators into performing unintended act...

A Cross-Site Request Forgery (CSRF) vulnerability in xxl-api v1.3.0 allows attackers to trick authenticated administrators into executing unauthorized...

This CSRF vulnerability in Pet Grooming Management Software allows attackers to trick authenticated administrators into changing their passwords witho...

CVE-2025-63716 is a Cross-Site Request Forgery vulnerability in SourceCodester Leads Manager Tool v1.0 that allows attackers to trick authenticated us...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Liferay Portal's Headless API that allows attackers to execute any Headless AP...

This CVE describes a cross-site request forgery vulnerability in Rockwell Automation products where missing CSRF checks allow attackers to modify conf...

IBM Storage TS4500 Library versions 1.11.0.0 and 2.11.0.0 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to trick aut...

This CVE describes an authenticated CSRF vulnerability in the web management interface of Shenzhen C-Data Technology Co. FD602GW-DX-R410 routers. An a...

This CSRF vulnerability in the BP Disable Activation Reloaded WordPress plugin allows attackers to trick authenticated administrators into performing ...

This CSRF vulnerability in the RIS Version Switcher WordPress plugin allows attackers to trick authenticated administrators into performing unintended...

This CSRF vulnerability in the Woocommerce Gifts Product WordPress plugin allows attackers to trick authenticated administrators into performing unint...

A Cross-Site Request Forgery (CSRF) vulnerability in the Simasicher SimaCookie WordPress plugin allows attackers to perform stored cross-site scriptin...

A Cross-Site Request Forgery (CSRF) vulnerability in the Woocommerce Notify Updated Product WordPress plugin allows attackers to perform stored cross-...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Bevy Event service that allows attackers to trick authenticated users into...