CWE-352: Cross-Site Request Forgery (CSRF)

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the email template update endpoint. This allows attackers to trick authentic...

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the group update functionality. This allows attackers to trick authenticated...

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the score deletion endpoint (/system/score/del). This allows attackers to tr...

FlyCms v1.0 contains a CSRF vulnerability in the user group update endpoint that allows attackers to trick authenticated administrators into performin...

Stupid Simple CMS versions up to 1.2.4 contain a Cross-Site Request Forgery (CSRF) vulnerability in the admin-edit.php component. This allows attacker...

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /system/site/userconfig_updagte component. This allows attackers to tric...

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the web configuration update component. This allows attackers to trick authe...

This vulnerability in the WP Blogs' Planetarium WordPress plugin allows attackers to trick logged-in administrators into changing plugin settings with...

The CommentTweets WordPress plugin through version 0.6 lacks CSRF protection on certain endpoints, allowing attackers to trick logged-in administrator...

A Cross-Site Request Forgery (CSRF) vulnerability in ioLogik E1200 Series firmware allows attackers to trick authenticated users into performing unint...

This vulnerability in WordPress export plugins allows attackers to bypass CSRF protection and trick logged-in users into performing unauthorized actio...

A CSRF vulnerability in Jenkins PaaSLane Estimate Plugin allows attackers to trick authenticated users into making unauthorized requests to attacker-c...

This CSRF vulnerability in Jenkins Nexus Platform Plugin allows attackers to trick authenticated users into making unintended HTTP requests to attacke...

This CSRF vulnerability in Jenkins Nexus Platform Plugin allows attackers to trick authenticated users into connecting Jenkins to malicious HTTP serve...

This CSRF vulnerability in Silverpeas Core allows attackers to escalate privileges by tricking authenticated administrators into visiting malicious UR...

Silverpeas Core 6.3.1 has a CSRF vulnerability in its Domain SQL Create function that allows attackers to trick authenticated users into executing una...

JFinalCMS v5.0.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /admin/form/save endpoint that allows attackers to trick authentica...

JFinalCMS v5.0.0 contains a CSRF vulnerability in the friend link deletion endpoint (/admin/friend_link/delete) that allows attackers to trick authent...

JFinalCMS v5.0.0 contains a CSRF vulnerability in the custom table deletion endpoint (/admin/div/delete). This allows attackers to trick authenticated...

JFinalCMS v5.0.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the column management modification endpoint (/admin/category/update). T...

JFinalCMS v5.0.0 contains a CSRF vulnerability in the category status update endpoint (/admin/category/updateStatus) that allows attackers to trick au...

JFinalCMS v5.0.0 contains a CSRF vulnerability in the navigation management area that allows attackers to trick authenticated administrators into perf...

JFinalCMS v5.0.0 contains a CSRF vulnerability in the navigation management delete endpoint. This allows attackers to trick authenticated administrato...

JFinalCMS v5.0.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the slide management endpoint (/admin/slide/save). This allows attacker...

JFinalCMS v5.0.0 contains a CSRF vulnerability in the rotation image editing functionality at /admin/slide/update. This allows attackers to trick auth...

JFinalCMS v5.0.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tag deletion endpoint (/admin/tag/delete). This allows attackers to...

This CSRF vulnerability in Connectize AC21000 G6 routers allows attackers to change the administrator password via a crafted GET request to /man_passw...

Dreamer CMS v4.1.3 contains a CSRF vulnerability in the article deletion function that allows attackers to trick authenticated administrators into per...

This CSRF vulnerability in Thrive Theme Builder allows attackers to trick authenticated WordPress administrators into performing unintended actions. I...

The UserPro WordPress plugin up to version 5.1.1 has a Cross-Site Request Forgery vulnerability that allows unauthenticated attackers to trick adminis...

This vulnerability in the WooHoo Newspaper Magazine WordPress theme allows attackers to trick logged-in administrators into changing theme settings wi...

This CSRF vulnerability in XWiki Admin Tools allows attackers to execute arbitrary database queries when an admin user views malicious content. It aff...

This Cross-Site Request Forgery (CSRF) vulnerability in Prefect allows attackers to trick authenticated users into performing unintended actions on th...

Dreamer CMS v4.1.3 contains a CSRF vulnerability in the task management execution endpoint (/admin/task/run) that allows attackers to trick authentica...

This vulnerability allows attackers to trick authenticated WordPress administrators into performing unintended actions via Cross-Site Request Forgery ...

This CSRF vulnerability in the WPIndeed Debug Assistant WordPress plugin allows attackers to trick authenticated administrators into performing uninte...

This Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Spreadshop plugin allows attackers to trick authenticated administrators into pe...

This CSRF vulnerability in the Simple Job Board WordPress plugin allows attackers to trick authenticated administrators into performing unintended act...

This CSRF vulnerability in the Export WP Page to Static HTML/CSS WordPress plugin allows attackers to trick authenticated administrators into performi...

This CSRF vulnerability in the Simple Giveaways WordPress plugin allows attackers to trick authenticated administrators into performing unintended act...

This CSRF vulnerability in the Chronosly Events Calendar WordPress plugin allows attackers to trick authenticated administrators into performing unint...

This CSRF vulnerability in the PeepSo WordPress plugin allows attackers to trick authenticated users into performing unintended actions on their behal...

This Cross-Site Request Forgery (CSRF) vulnerability in the Daniel Powney Multi Rating WordPress plugin allows attackers to trick authenticated admini...

This CSRF vulnerability in VikBooking Hotel Booking Engine & PMS plugin allows attackers to trick authenticated WordPress administrators into performi...

This CSRF vulnerability in the WordPress Forget About Shortcode Buttons plugin allows attackers to trick authenticated administrators into performing ...

This Cross-Site Request Forgery (CSRF) vulnerability in the Sunny Search WordPress plugin allows attackers to trick authenticated administrators into ...

This CSRF vulnerability in the WordPress Hyphenator plugin allows attackers to trick authenticated administrators into performing unintended actions. ...

This CSRF vulnerability in the WordPress WP Custom Cursors plugin allows attackers to trick authenticated administrators into performing unintended ac...

This CSRF vulnerability in the WooCommerce AutomateWoo plugin allows attackers to trick authenticated administrators into performing unintended action...

This CSRF vulnerability in the WP Full Auto Tags Manager WordPress plugin allows attackers to trick authenticated administrators into performing unint...