High
CVE-2025-48144
Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Stored XSS.This issue affects Import Export For WooCommerce: from n/a thro…
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 13/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-05-16
Medium
CVE-2025-48115
Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify validar-certificados-de-cursos allows Cross Site Request Forgery.This issue affects ValidateCertify: from n/a through…
High
CVE-2025-48114
Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: fro…
High
CVE-2025-32310
Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation.This issue affects QuickCal - Appointment Booki…
Medium
CVE-2025-32245
Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll featured-posts-scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through <= 1.25.
High
CVE-2025-31922
Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Stored XSS.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3…
Medium
CVE-2025-31921
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate Tours Builder WP_UltimateToursBuilder allows Cross Site Request Forgery.This issue affects WP Ultimate Tours Builder: from n/a th…
Medium
CVE-2025-31915
Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPre…
Medium
CVE-2025-31639
Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.
Medium
CVE-2025-31068
Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.
2025-05-15
Medium
CVE-2025-2247
The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2025-1288
The WOOEXIM WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulne…
Medium
CVE-2024-9711
The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF att…
Medium
CVE-2024-9709
The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF att…
Medium
CVE-2024-9450
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a log…
Medium
CVE-2024-9233
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-8398
The Simple Nav Archives WordPress plugin through 2.1.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-8286
The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as…
Medium
CVE-2024-8245
The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-8095
The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS…
Medium
CVE-2024-8094
The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-8090
The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Sto…
Medium
CVE-2024-8085
The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored…
Medium
CVE-2024-8082
The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-8050
The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-8032
The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in adm…
Medium
CVE-2024-7984
The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
High
CVE-2024-6719
The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack
Medium
CVE-2024-6712
The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stor…
Medium
CVE-2024-12750
The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-12301
The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
Medium
CVE-2024-12282
The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stor…
Medium
CVE-2024-11719
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add St…
Medium
CVE-2024-11373
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-11141
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scrip…
Medium
CVE-2024-10677
The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-10634
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box Wo…
Low
CVE-2023-7297
The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2023-7229
The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
High
CVE-2023-7197
The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin a…
Medium
CVE-2023-7196
The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a…
Medium
CVE-2023-7195
The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
High
CVE-2023-7174
The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin a…
High
CVE-2023-5934
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in…
Medium
CVE-2023-2334
The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, whi…
High
CVE-2025-32922
Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0.
Medium
CVE-2025-44185
SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.
2025-05-14
Medium
CVE-2025-47886
A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-spe…
High
CVE-2025-47708
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0…
High
CVE-2025-47701
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.
Medium
CVE-2025-44186
SourceCodester Best Employee Management System 1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/Operation/User.php page.
2025-05-13
Medium
CVE-2025-47204
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholes…
Medium
CVE-2025-46721
nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of t…
2025-05-12
High
CVE-2025-46610
ARTEC EMA Mail 6.92 allows CSRF.
2025-05-09
Medium
CVE-2025-4375
Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole ap…
2025-05-07
Medium
CVE-2025-20195
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected…
High
CVE-2025-47685
Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout contribuinte-checkout allows Stored XSS.This issue affects Contribuinte Checkout: from n/a through <= 2.0.03.
Medium
CVE-2025-47684
Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for WP smaily-for-wp allows Cross Site Request Forgery.This issue affects Smaily for WP: from n/a through <= 3.1.7.
Medium
CVE-2025-47681
Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Accessibility with Max Access accessibility-toolbar allows Cross Site Request Forgery.This issue affects Web Accessibility with Max…
Medium
CVE-2025-47674
Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial credova-financial allows Cross Site Request Forgery.This issue affects Credova_Financial: from n/a through <= 2.…
Medium
CVE-2025-47667
Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent liveagent allows Cross Site Request Forgery.This issue affects LiveAgent: from n/a through <= 4.4.7.
Medium
CVE-2025-47661
Cross-Site Request Forgery (CSRF) vulnerability in codemstory 워드프레스 결제 심플페이 pgall-for-woocommerce allows Cross Site Request Forgery.This issue affects 워드프레스 결제 심플페이: from n/a through <= 5.2.11.
High
CVE-2025-47655
Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7.
High
CVE-2025-47648
Cross-Site Request Forgery (CSRF) vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a thr…
Medium
CVE-2025-47647
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light sidebar-manager-light allows Cross Site Request Forgery.This issue affects Sidebar Manager Light: from n/a through <…
High
CVE-2025-47639
Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading polylang-supertext allows Stored XSS.This issue affects Supertext Translation and Proofreading: fro…
Medium
CVE-2025-47633
Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin – Advertiser Tracking for WooCommerce awin-advertiser-tracking allows Cross Site Request Forgery.This issue affects Awin – Advertiser Trac…
Medium
CVE-2025-47624
Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through…
High
CVE-2025-47620
Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS.This issue affects Mart…
Medium
CVE-2025-47614
Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics lessbuttons allows Cross Site Request Forgery.This issue affects LessButtons Social Sharing an…
Medium
CVE-2025-47609
Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Connect easyme-connect allows Cross Site Request Forgery.This issue affects EasyMe Connect: from n/a through <= 3.0.3.
Medium
CVE-2025-47606
Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways giveasap allows Cross Site Request Forgery.This issue affects Simple Giveaways: from n/a through <= 2.49.0.
Medium
CVE-2025-47597
Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podcasts Manager wp-podcasts-manager allows Cross Site Request Forgery.This issue affects WP Podcasts Manager: from n/a through <= 1.…
Medium
CVE-2025-47596
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture beacon-by allows Cross Site Request Forgery.This issue affects Beacon Lead Magnets and Lead Capture…
Medium
CVE-2025-47594
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5.
Medium
CVE-2025-47590
Cross-Site Request Forgery (CSRF) vulnerability in JExtensions Store WPSpeed wpspeed allows Cross Site Request Forgery.This issue affects WPSpeed: from n/a through <= 2.6.5.
Medium
CVE-2025-47551
Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed wiki-embed allows Cross Site Request Forgery.This issue affects Wiki Embed: from n/a through <= 1.4.6.
High
CVE-2025-47546
Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30.
Medium
CVE-2025-47543
Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through <= 1.0.7.
Medium
CVE-2025-47542
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Element…
High
CVE-2025-47533
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows PHP Local File Inclusion.This issue affects Graphina: from n/a through <= 3.0.4.
Medium
CVE-2025-47523
Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster seznam-webmaster allows Cross Site Request Forgery.This issue affects Seznam Webmaster: from n/a through <= 1.4.7.
Medium
CVE-2025-47519
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal Events easy-paypal-events-tickets allows Cross Site Request Forgery.This issue affects Easy PayPal Events: from n/a throu…
High
CVE-2025-47517
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal & Stripe easy-paypal-donation allows Stored XSS.This issue affects Accept Donations with PayPal & Stripe…
High
CVE-2025-47514
Cross-Site Request Forgery (CSRF) vulnerability in Eli ELI's Related Posts Footer Links and Widget spostarbust allows Stored XSS.This issue affects ELI's Related Posts Footer Links and Widget: from n…
High
CVE-2025-47491
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <=…
Medium
CVE-2025-47473
Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit pw-bulk-edit allows Cross Site Request Forgery.This issue affects PW WooCommerce Bulk Edit: from n/a through <= 2.1…
Medium
CVE-2025-47470
Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer gpt3-ai-content-generator allows Cross Site Request Forgery.This issue affects GPT3 AI Content Writer: from n/a throug…
Medium
CVE-2025-47468
Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through <= 1.2.8.
Medium
CVE-2025-47466
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Cross Site Request Forgery.This issue affects Ultimate WP Mail: from n/a through <= 1.3.4.
High
CVE-2025-47462
Cross-Site Request Forgery (CSRF) vulnerability in WebAppick Challan webappick-pdf-invoice-for-woocommerce allows Privilege Escalation.This issue affects Challan: from n/a through <= 3.7.58.
Medium
CVE-2025-47459
Cross-Site Request Forgery (CSRF) vulnerability in Roxnor FundEngine wp-fundraising-donation allows Cross Site Request Forgery.This issue affects FundEngine: from n/a through <= 1.7.3.
Medium
CVE-2025-47451
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce product-quantity-dropdown-for-woocommerce allows Cross Site Request Forgery.This issue af…
Medium
CVE-2025-47448
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.1.9.
Medium
CVE-2025-47447
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box hm-cool-author-box-widget allows Cross Site Request Forgery.This issue affects Cool Author Box: from n/a through <= 3…
Medium
CVE-2025-47446
Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester listamester allows Cross Site Request Forgery.This issue affects Listamester: from n/a through <= 2.3.6.
High
CVE-2025-0669
Cross-Site Request Forgery (CSRF) vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3.
2025-05-06
Medium
CVE-2025-4327
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the at…
Medium
CVE-2025-4337
The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_p…
2025-05-05
Medium
CVE-2024-42212
HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into m…
Medium
CVE-2025-4282
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. Th…
High
CVE-2025-28062
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password r…
2025-05-03
High
CVE-2025-47244
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loo…
Medium
CVE-2025-4199
The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. This is due to missing or incorrect nonce validation on the 'abun…
Medium
CVE-2025-4198
The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' pag…
Medium
CVE-2025-4188
The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation…
2025-05-02
High
CVE-2024-11142
Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0 NOTE: According t…
2025-05-01
Medium
CVE-2025-2168
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Re…
High
CVE-2025-1305
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_…
2025-04-29
High
CVE-2025-32354
In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF t…
Medium
CVE-2025-4088
A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled…
2025-04-28
Medium
CVE-2025-3997
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The…
2025-04-27
Medium
CVE-2025-3979
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The…
Medium
CVE-2025-3964
A vulnerability, which was classified as problematic, was found in withstars Books-Management-System 1.0. Affected is an unknown function of the file /api/article/del of the component Article Handler…
Medium
CVE-2025-3959
A vulnerability was found in withstars Books-Management-System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /reader_delete.html. Th…
2025-04-26
Critical
CVE-2025-2907
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to…
2025-04-25
High
CVE-2025-3638
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Low
CVE-2025-3637
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occu…
Low
CVE-2025-3635
A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attack…
Medium
CVE-2025-3870
The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-d…