CWE-352: Cross-Site Request Forgery (CSRF)

This CSRF vulnerability in idccms V1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via crafted reques...

This CSRF vulnerability in MFA logout allows attackers to forcibly log out authenticated users by tricking them into clicking malicious links. It affe...

The KKProgressbar2 Free WordPress plugin versions through 1.1.4.2 lack CSRF protection on certain endpoints, allowing attackers to trick authenticated...

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via crafted reques...

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via crafted reques...

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via malicious requ...

This Cross-Site WebSocket Hijacking vulnerability in SysReptor allows attackers to hijack WebSocket connections when a logged-in user visits a malicio...

This vulnerability in the Newsletter Popup WordPress plugin allows attackers to trick logged-in administrators into deleting newsletter lists via Cros...

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via crafted reques...

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions, specifically dele...

This vulnerability allows attackers to trick logged-in WordPress administrators into unknowingly changing the reCAPTCHA Jetpack plugin settings via a ...

The Wow Skype Buttons WordPress plugin before version 4.0.4 lacks CSRF protection on some bulk actions, allowing attackers to trick logged-in administ...

The Side Menu Lite WordPress plugin before version 4.2.1 lacks CSRF protection on certain bulk actions, allowing attackers to trick logged-in administ...

This Cross-Site Request Forgery (CSRF) vulnerability in the WordPress 'Login with phone number' plugin allows attackers to trick authenticated adminis...

This CSRF vulnerability in Ninja Forms WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions on t...

This CSRF vulnerability in aimhubio/aim allows attackers to trick authenticated users into executing unauthorized actions like deleting runs, updating...

This CSRF vulnerability in the EnvíaloSimple WordPress plugin allows unauthenticated attackers to upload malicious files by tricking administrators i...

DedeCMS v5.7 contains a CSRF vulnerability in the member_scores.php component that allows attackers to trick authenticated administrators into perform...

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary OS commands on a v...

This CSRF vulnerability in CM Download Manager WordPress plugin allows attackers to trick authenticated administrators into unknowingly modifying down...

This CSRF vulnerability in the WordPress File Manager plugin allows unauthenticated attackers to trick administrators into executing malicious JavaScr...

This vulnerability in the Appointment Booking Calendar WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against ...

The Enjoy Social Feed WordPress plugin through version 6.2.2 lacks proper authorization and CSRF protection on admin_init functions, allowing unauthen...

The Innovs HR WordPress plugin through version 1.0.3.4 lacks Cross-Site Request Forgery (CSRF) protection on certain endpoints, allowing attackers to ...

This CSRF vulnerability in the TerraClassifieds WordPress plugin allows attackers to trick authenticated users into performing unauthorized actions. I...

DedeCMS v5.7 contains a CSRF vulnerability in the mychannel_edit.php component that allows attackers to trick authenticated administrators into perfor...

DedeCMS v5.7 contains a CSRF vulnerability in the /dede/diy_edit.php endpoint that allows attackers to trick authenticated administrators into perform...

DedeCMS v5.7 contains a Cross-Site Request Forgery (CSRF) vulnerability in the article_add.php component that allows attackers to trick authenticated ...

DedeCMS v5.7 contains a CSRF vulnerability in the catalog_del.php component that allows attackers to trick authenticated administrators into performin...

The Digits WordPress plugin has a CSRF vulnerability that allows attackers to change user roles to administrator by tricking an admin into clicking a ...

Stupid Simple CMS v1.2.4 contains a CSRF vulnerability in the /update-article.php endpoint that allows attackers to trick authenticated administrators...

This Cross-Site Request Forgery (CSRF) vulnerability in FlyCms v1.0 allows attackers to trick authenticated users into performing unintended actions, ...

A cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and repeaters allows remote unauthenticated attackers to trick admini...

This CSRF vulnerability in Dedecms v5.7.112 allows attackers to trick authenticated administrators into performing unauthorized actions via the file m...

This Cross-Site Request Forgery (CSRF) vulnerability in Bagisto e-commerce platform allows attackers to trick authenticated users into executing malic...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in SMA Cluster Controller version 01.05.01.R. An attacker can trick authenticated...

Flusity-CMS v2.33 contains a Cross-Site Request Forgery vulnerability in the contact form settings update component. This allows attackers to trick au...

Flusity-CMS v2.33 contains a CSRF vulnerability in the /core/tools/add_places.php component that allows attackers to trick authenticated administrator...

This CSRF vulnerability in Liferay Portal allows attackers to trick authenticated users into accepting terms of use without their consent by visiting ...

Flusity-CMS v2.33 contains a CSRF vulnerability in the translation management component that allows attackers to trick authenticated administrators in...

Flusity-CMS v2.33 contains a CSRF vulnerability in the update_menu.php component that allows attackers to trick authenticated administrators into perf...

This vulnerability in NCR Terminal Handler v1.5.1 allows attackers to chain multiple CSRF attacks to create new user accounts and add them to administ...

A Cross-Site Request Forgery (CSRF) vulnerability in flusity-CMS v2.33 allows remote attackers to execute arbitrary code via the add_customblock.php e...

This CSRF vulnerability in flusity-CMS v2.33 allows attackers to trick authenticated administrators into executing arbitrary code by visiting maliciou...

This CSRF vulnerability in Profile Builder Pro WordPress plugin allows attackers to trick authenticated administrators into performing unintended acti...

This vulnerability in the WordPress Users plugin allows attackers to trick logged-in administrators into changing plugin settings without their consen...

This vulnerability in the Autotitle for WordPress plugin allows attackers to trick logged-in administrators into changing plugin settings without thei...

This CSRF vulnerability in NCR Terminal Handler v1.5.1 allows attackers to perform one-click account takeover by exploiting weak security controls in ...

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /system/score/scorerule_save endpoint. This allows attackers to trick au...

FlyCms v1.0 contains a CSRF vulnerability in the email configuration update endpoint that allows attackers to trick authenticated administrators into ...