CWE-352: Cross-Site Request Forgery (CSRF)

This CSRF vulnerability in the bbPress Toolkit WordPress plugin allows attackers to trick authenticated administrators into performing unintended acti...

This CSRF vulnerability in the Malinky Ajax Pagination and Infinite Scroll WordPress plugin allows attackers to trick authenticated administrators int...

This CSRF vulnerability in the WP Report Post WordPress plugin allows attackers to trick authenticated users into performing unintended actions, such ...

This CSRF vulnerability in the Groundhogg WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. ...

This CSRF vulnerability in the LH Password Changer WordPress plugin allows attackers to trick authenticated administrators into performing unauthorize...

This CSRF vulnerability in the Auto Publish for Google My Business WordPress plugin allows attackers to trick authenticated administrators into perfor...

This Cross-Site Request Forgery (CSRF) vulnerability in the JoomSky JS Job Manager WordPress plugin allows attackers to trick authenticated administra...

This CSRF vulnerability in WPC Smart Wishlist for WooCommerce allows attackers to trick authenticated users into performing unintended actions on thei...

This CSRF vulnerability in the Publish to Schedule WordPress plugin allows attackers to trick authenticated administrators into performing unintended ...

This CSRF vulnerability in the Email Templates Customizer and Designer WordPress plugin allows attackers to trick authenticated administrators into pe...

This CSRF vulnerability in the Serena Villa Auto Excerpt Everywhere WordPress plugin allows attackers to trick authenticated administrators into perfo...

This CSRF vulnerability in the Auto Limit Posts Reloaded WordPress plugin allows attackers to trick authenticated administrators into performing unint...

This Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Alter plugin allows attackers to trick authenticated administrators into perform...

This CSRF vulnerability in the Kadence WooCommerce Email Designer WordPress plugin allows attackers to trick authenticated administrators into perform...

This Cross-Site Request Forgery (CSRF) vulnerability in the Djo Original texts Yandex WebMaster WordPress plugin allows attackers to trick authenticat...

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site Scripting (XSS) in the Nazmul ...

This CSRF vulnerability in PKP-Lib allows attackers to trick authenticated users into performing unintended actions by submitting malicious requests. ...

This CSRF vulnerability in DouHaocms v3.3 allows attackers to trick authenticated administrators into executing arbitrary code by submitting forged re...

ZenTao Biz version 4.1.3 and earlier contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authenticated users int...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in an application interface that fails to validate HTTP requests. Attackers can t...

This Cross-Site Request Forgery (CSRF) vulnerability in Modoboa email management platform allows attackers to trick authenticated users into performin...

This CSRF vulnerability in mosparo allows attackers to trick authenticated users into performing unintended actions on their behalf. It affects all us...

The ImageMagick Engine WordPress plugin up to version 1.7.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'cli_path' parameter tha...

This Cross-Site Request Forgery (CSRF) vulnerability in PKP Open Journal Systems (OJS) allows attackers to trick authenticated users into performing u...

Dreamer CMS v4.1.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the attachment deletion function. This allows attackers to trick auth...

Dreamer CMS v4.1.3 contains a CSRF vulnerability in the variable management modification function at /variable/update. This allows attackers to trick ...

Dreamer CMS v4.1.3 contains a CSRF vulnerability in the user addition function at /admin/user/add. This allows attackers to trick authenticated admini...

A Cross-Site Request Forgery (CSRF) vulnerability in the Chalet application of Extreme Networks Switch Engine (EXOS) allows attackers to execute arbit...

SPA-Cart 1.9.0.3 has a CSRF vulnerability that allows attackers to create admin accounts with full privileges by tricking authenticated administrators...

This CSRF vulnerability in Snipe-IT allows attackers to trick authenticated users into performing unintended actions without their consent. It affects...

SmodBIP is vulnerable to Cross-Site Request Forgery (CSRF) that allows attackers to trick authenticated users into performing unintended actions. This...

This CSRF vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows attackers to perform unauthorized operations when authenticated use...

This CSRF vulnerability in phpkobo AjaxNewTicker v1.0.5 allows attackers to trick authenticated users into executing arbitrary code by submitting mali...

This CSRF vulnerability in Cassia Access Controller allows attackers to trick authenticated users into performing unauthorized web SSH actions to gate...

This CSRF vulnerability in Seacms allows attackers to create unauthorized admin accounts by tricking authenticated administrators into visiting malici...

This CSRF vulnerability in iCMSv.7.0.16 allows attackers to trick authenticated administrators into executing arbitrary code through malicious request...

This CSRF vulnerability in Jenkins Build Failure Analyzer Plugin allows attackers to trick authenticated users into making unauthorized connections to...

This CSRF vulnerability in the memos application allows attackers to trick authenticated users into performing unintended actions by crafting maliciou...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Grocy versions up to 4.0.2. Attackers can trick authenticated users into perfo...

CVE-2023-40953 is a Cross-Site Request Forgery (CSRF) vulnerability in icms 7.0.16 that allows attackers to trick authenticated users into performing ...

CVE-2015-1391 is a Cross-Site Request Forgery (CSRF) vulnerability in Aruba AirWave network management software that allows attackers to bypass CSRF p...

A Cross-Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows attackers to trick authenticated administrators into performing unautho...

This CSRF vulnerability in xxl-job-admin allows attackers to create admin users via crafted HTML files, leading to privilege escalation and potential ...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Benno MailArchiv web application. Attackers can trick authenticated users into...

A CSRF token bypass vulnerability in PRTG Network Monitor versions 23.2.84.1566 and earlier allows attackers to trick authenticated users into perform...

This CSRF vulnerability in wger Workout Manager allows attackers to trick authenticated users into performing unintended actions, such as resetting pa...

This vulnerability allows attackers to manipulate popup notification timing in Firefox browsers, tricking users into granting unintended permissions. ...

This CSRF vulnerability in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software allows attackers to take over user accounts by tricking auth...

This CSRF vulnerability in GX Software XperienCentral's Interactive Forms allows attackers to trick authenticated users into performing unintended act...

This CSRF vulnerability in Nokia NetAct allows attackers to create users with arbitrary privileges, including administrative accounts, by tricking aut...