CWE-352: Cross-Site Request Forgery (CSRF)

This CVE describes an authenticated CSRF vulnerability in the web management interface of Shenzhen C-Data Technology Co. FD602GW-DX-R410 routers. An a...

This CSRF vulnerability in the BP Disable Activation Reloaded WordPress plugin allows attackers to trick authenticated administrators into performing ...

This CSRF vulnerability in the RIS Version Switcher WordPress plugin allows attackers to trick authenticated administrators into performing unintended...

This CSRF vulnerability in the Woocommerce Gifts Product WordPress plugin allows attackers to trick authenticated administrators into performing unint...

A Cross-Site Request Forgery (CSRF) vulnerability in the Simasicher SimaCookie WordPress plugin allows attackers to perform stored cross-site scriptin...

A Cross-Site Request Forgery (CSRF) vulnerability in the Woocommerce Notify Updated Product WordPress plugin allows attackers to perform stored cross-...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Bevy Event service that allows attackers to trick authenticated users into...

This CSRF vulnerability in Liferay Portal and DXP allows remote attackers to perform unauthorized actions on behalf of authenticated users by exploiti...

This CSRF vulnerability in the Build App Online WordPress plugin allows attackers to trick authenticated administrators into performing unintended act...

A Cross-Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3 allows attackers to manipulate user sessions by adding products to comparison list...

StudentManage v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unint...

This CSRF vulnerability in the BlocksWP Theme Builder For Elementor WordPress plugin allows attackers to trick authenticated administrators into perfo...

A Cross-Site Request Forgery vulnerability in PHPGurukul Medical Card Generation System 1.0 allows attackers to trick authenticated administrators int...

This Cross-Site Request Forgery (CSRF) vulnerability in the WebToffee GDPR Cookie Consent WordPress plugin allows attackers to trick logged-in adminis...

This CSRF vulnerability in WP Trio Conditional Payments for WooCommerce allows attackers to trick authenticated administrators into performing uninten...

A Cross-Site Request Forgery (CSRF) vulnerability in the Breaking News WP WordPress plugin allows attackers to trick authenticated administrators into...

A Cross-Site Request Forgery (CSRF) vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users without admin or power ro...

This CSRF vulnerability in lollms-webui allows attackers to cause denial of service by exploiting file upload endpoints. Attackers can append extra ch...

A Cross-Site Request Forgery (CSRF) vulnerability in ComfyUI versions up to v0.2.2 allows attackers to create malicious websites that, when visited by...

IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 contain a cross-site request forgery (CSRF) vulnerability. This allo...

The Altra Side Menu WordPress plugin through version 2.0 lacks Cross-Site Request Forgery (CSRF) protection on certain endpoints, allowing attackers t...

This CSRF vulnerability in the Smartsupp WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. I...

This CSRF vulnerability in the Posti Shipping WordPress plugin allows attackers to trick authenticated administrators into performing unintended actio...

IBM Cognos Controller versions 11.0.0 and 11.0.1 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticate...

This CSRF vulnerability in Zimbra's GraphQL endpoint allows attackers to trick authenticated users into executing malicious GraphQL queries via crafte...

This CSRF vulnerability in wallabag allows attackers to trick authenticated users into unknowingly submitting requests to delete their own accounts. A...

CVE-2021-27704 is an incorrect access control vulnerability in Appspace 6.2.4 that allows attackers to bypass authentication via the password reset pa...

IBM CICS TX Standard 11.1 has a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing una...

This CSRF vulnerability in the Sumit Surai Featured Posts with Multiple Custom Groups WordPress plugin allows attackers to trick authenticated adminis...

The Visual Sound WordPress plugin through version 1.06 lacks CSRF protection in its settings update functionality. This allows attackers to trick logg...

The Misiek Photo Album WordPress plugin through version 1.4.3 lacks CSRF protection on certain album deletion functions, allowing attackers to trick a...

The ILC Thickbox WordPress plugin through version 1.0 lacks CSRF protection when updating settings, allowing attackers to trick logged-in administrato...

The Visual Sound WordPress plugin through version 1.03 lacks CSRF protection in its settings update functionality. This allows attackers to trick logg...

This CSRF vulnerability in Cisco ISE's web management interface allows unauthenticated remote attackers to trick authenticated users into executing ma...

This CVE describes a CSRF vulnerability in the OAuth library for Nim programming language. When compiled with certain compiler flags like -d:danger or...

The Light Poll WordPress plugin through version 1.0.0 lacks Cross-Site Request Forgery (CSRF) protection when deleting polls. This allows attackers to...

This vulnerability in the WooCommerce Customers Manager WordPress plugin allows any authenticated user, even with low privileges like subscriber, to p...

The HTML Forms WordPress plugin before version 1.3.34 lacks Cross-Site Request Forgery (CSRF) protection on certain endpoints, allowing attackers to t...

IBM Aspera Orchestrator 4.0.1 has a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing...

This CSRF vulnerability in the Master Slider WordPress plugin allows attackers to trick authenticated administrators into unknowingly submitting malic...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the MediaWikiChat extension for MediaWiki. Attackers can trick authenticated u...

This Cross-Site Request Forgery (CSRF) vulnerability in Eskooly Free Online School Management Software allows attackers to trick authenticated users i...

This CSRF vulnerability in TruDesk Help Desk/Ticketing Solution v1.1.11 allows attackers to force privileged users to restart the server via a crafted...

This CSRF vulnerability in the CB (legacy) WordPress plugin allows attackers to trick logged-in administrators into performing unauthorized bulk actio...

Emlog Pro 2.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in twitter.php that can be combined with Cross-Site Scripting (XSS) to access...

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via the banner man...

The OoohBoi Steroids for Elementor WordPress plugin before version 2.1.5 contains CSRF and broken access control vulnerabilities. These allow attacker...

This CSRF vulnerability in Cisco SD-WAN vManage allows unauthenticated attackers to trick authenticated users into performing malicious actions via ma...

This CVE describes a cross-site request forgery (CSRF) vulnerability in IBM Db2U database software. An attacker could trick authenticated users into p...

This vulnerability allows cross-site request forgery (CSRF) attacks against GitLab instances configured to use JWT as an OmniAuth provider. Attackers ...