CWE-352: Cross-Site Request Forgery (CSRF)

This CSRF vulnerability in the InstaWP Connect WordPress plugin allows unauthenticated attackers to execute arbitrary PHP code on affected servers by ...

CVE-2025-25907 is a Cross-Site Request Forgery vulnerability in tianti v2.3 that allows attackers to trick authenticated users into performing uninten...

The VikRentCar WordPress plugin has a CSRF vulnerability that allows attackers to escalate privileges and upload arbitrary files. Attackers can trick ...

This CSRF vulnerability in Ampache allows attackers to trick authenticated users into performing unintended actions by sending malicious requests. It ...

This CSRF vulnerability in the Newscrunch WordPress theme allows unauthenticated attackers to upload arbitrary files by tricking administrators into c...

Acora CMS version 10.1.1 has a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unau...

This CSRF vulnerability in the Cardealer WordPress theme allows unauthenticated attackers to trick administrators into clicking malicious links that c...

A Cross-Site Request Forgery (CSRF) vulnerability in the lizeipe Photo Gallery (Responsive) WordPress plugin allows attackers to trick authenticated a...

This CSRF vulnerability in the Shopwarden WordPress plugin allows attackers to trick administrators into clicking malicious links that can change plug...

The Option Editor WordPress plugin version 1.0 has a CSRF vulnerability that allows unauthenticated attackers to trick administrators into clicking ma...

This CSRF vulnerability in Geovision GV-ASWeb allows attackers to create administrator accounts without authentication by tricking authenticated users...

This CSRF vulnerability in WP Image Uploader plugin allows unauthenticated attackers to delete arbitrary files on WordPress sites by tricking administ...

The WP Image Uploader WordPress plugin allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validati...

Teedy versions up to 1.12 lack CSRF protection, allowing attackers to trick authenticated users into performing unintended actions. This affects all T...

This vulnerability allows authenticated attackers to execute arbitrary shell commands on Edimax AC1200 routers by injecting special characters into DD...

This CSRF vulnerability in the VikBooking WordPress plugin allows attackers to trick administrators into performing actions that change plugin access ...

The Jenkins Bitbucket Server Integration Plugin has a CSRF bypass vulnerability that allows attackers to craft malicious URLs that circumvent CSRF pro...

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Custom Post Type Lockdown plugin allows attackers to trick authenticated administra...

A Cross-Site Request Forgery (CSRF) vulnerability in the Regios MyAnime Widget WordPress plugin allows attackers to trick authenticated administrators...

GestioIP v3.5.7 contains CSRF vulnerabilities in multiple endpoints that allow attackers to trick authenticated administrators into performing unautho...

This CSRF vulnerability in Drupal Gutenberg allows attackers to trick authenticated users into performing unintended actions on the Drupal site. It af...

A Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows attackers to trick authenticated administrators into performing unaut...

This Cross-Site Request Forgery (CSRF) vulnerability in Drupal Symfony Mailer Lite allows attackers to trick authenticated users into performing unint...

This CSRF vulnerability in ThePerfectWedding.nl Widget plugin for WordPress allows attackers to inject malicious scripts into the plugin's configurati...

A Cross-Site Request Forgery (CSRF) vulnerability in the ListingPro WordPress theme allows attackers to bypass authentication and potentially take ove...

A Cross-Site Request Forgery (CSRF) vulnerability in the Wayne Audio Player WordPress plugin allows attackers to trick authenticated administrators in...

This CSRF vulnerability in the Amarjeet Amar gap-hub-user-role WordPress plugin allows attackers to bypass authentication by tricking authenticated us...

REDCap versions through 14.9.6 have a CSRF vulnerability in Project Dashboards that allows attackers to force user logout by tricking users into click...

This vulnerability allows authenticated attackers to escalate privileges in Digiteam v4.21.0.0 by exploiting improper access control in the /RoleMenuM...

A Cross-Site Request Forgery vulnerability in Amiro.CMS allows attackers to create administrator accounts without authorization. This affects all Amir...

GetSimple CMS CE 3.3.19 contains a Server-Side Request Forgery (SSRF) vulnerability in its backend plugin module. This allows authenticated attackers ...

The User Role Editor WordPress plugin has a CSRF vulnerability that allows unauthenticated attackers to modify user roles, including granting administ...

This CSRF vulnerability in the eewee admin custom WordPress plugin allows attackers to trick authenticated administrators into performing unintended a...

The HQ Rental Software WordPress plugin has a CSRF vulnerability that allows unauthenticated attackers to trick administrators into performing actions...

This CSRF vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to trick authenticated users into executing unauthorized configuration chang...

WeGIA v3.2.0 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unintended ...

This CSRF vulnerability in pyspider allows attackers to trick authenticated users into performing unintended actions via malicious web requests. It af...

The WP-Orphanage Extended WordPress plugin has a CSRF vulnerability that allows unauthenticated attackers to escalate privileges for all orphan accoun...

This CSRF vulnerability in Combodo iTop allows attackers to trick authenticated users into performing unintended actions by visiting malicious web pag...

This CSRF vulnerability in the WordPress Crypto plugin allows unauthenticated attackers to log in as any existing user, including administrators, by t...

OvalEdge versions 5.2.8.0 and earlier contain an authentication-required CSRF vulnerability that allows attackers to take over user accounts by manipu...

This CSRF vulnerability in the AMP for WordPress plugin allows attackers to steal logged-in users' cookies by tricking administrators into clicking ma...

This CSRF vulnerability in Liferay Portal/DXP allows attackers to trick authenticated users into performing unauthorized actions by clicking malicious...

A CSRF vulnerability in Liferay Portal and DXP allows attackers to trick authenticated administrators into performing unauthorized actions. Attackers ...

The WP Fastest Cache WordPress plugin allows authenticated users with minimal permissions to delete arbitrary files from the server due to missing cap...

PLANET Technology switches have a CSRF vulnerability in their web interface that allows unauthenticated remote attackers to trick authenticated users ...

The BA Book Everything WordPress plugin has a CSRF vulnerability that allows unauthenticated attackers to trick administrators into clicking malicious...

This CSRF vulnerability in FrogCMS allows attackers to trick authenticated administrators into performing unauthorized file deletion actions. Attacker...

FrogCMS V0.9.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the file manager rename functionality. This allows attackers to trick aut...

This CSRF vulnerability in the PropertyHive WordPress plugin allows unauthenticated attackers to change administrator account details (name, email, pa...