High
CVE-2025-30550
Cross-Site Request Forgery (CSRF) vulnerability in WPShop.ru CallPhone'r callphoner allows Stored XSS.This issue affects CallPhone'r: from n/a through <= 1.1.1.
Tag: Cross-Site Request Forgery (CSRF)
All CVEs associated with "Cross-Site Request Forgery (CSRF)". Page 17/80 • 9568 CVEs.
Subscribe CVEs: RSS for “Cross-Site Request Forgery (CSRF)” · RSS (High+Critical only)
About “Cross-Site Request Forgery (CSRF)”
A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-03-24
Medium
CVE-2025-30549
Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes yummly-rich-recipes allows Cross Site Request Forgery.This issue affects Yummly Rich Recipes: from n/a through <= 4.2.
Medium
CVE-2025-30546
Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle cackle allows Cross Site Request Forgery.This issue affects Cackle: from n/a through <= 4.33.
Medium
CVE-2025-30542
Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions SoundCloud Ultimate soundcloud-ultimate allows Cross Site Request Forgery.This issue affects SoundCloud Ultimate: from n/a through <= 1.…
Medium
CVE-2025-30541
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Info Boxes Shortcode and Widget info-boxes-shortcode-and-widget allows Cross Site Request Forgery.This issue affects Info Boxes Shortcode…
Medium
CVE-2025-30538
Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Simple Optimizer simple-optimizer allows Cross Site Request Forgery.This issue affects Simple Optimizer: from n/a through <= 1.2.7.
Medium
CVE-2025-30535
Cross-Site Request Forgery (CSRF) vulnerability in muro External image replace external-image-replace allows Cross Site Request Forgery.This issue affects External image replace: from n/a through <=…
Medium
CVE-2025-30534
Cross-Site Request Forgery (CSRF) vulnerability in captcha.soft Image Captcha image-captcha allows Cross Site Request Forgery.This issue affects Image Captcha: from n/a through <= 1.2.
Medium
CVE-2025-30531
Cross-Site Request Forgery (CSRF) vulnerability in GBS Developer WP Ride Booking wp-ride-booking allows Cross Site Request Forgery.This issue affects WP Ride Booking: from n/a through <= 2.4.
Medium
CVE-2025-30529
Cross-Site Request Forgery (CSRF) vulnerability in Sébastien Dumont Auto Load Next Post auto-load-next-post allows Cross Site Request Forgery.This issue affects Auto Load Next Post: from n/a through…
Critical
CVE-2025-30528
Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through <= 1.2.
Medium
CVE-2025-30526
Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plugin for WordPress typekit allows Cross Site Request Forgery.This issue affects Typekit plugin for WordPress: from n/a through <= 1…
High
CVE-2025-30522
Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS.This issue affects Contact Form 7 Material Design: from n/a throug…
Medium
CVE-2025-30521
Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top gp-back-to-top allows Cross Site Request Forgery.This issue affects GP Back To Top: from n/a through <= 3.0.
2025-03-22
Medium
CVE-2025-0807
The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to m…
Medium
CVE-2024-13768
The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to m…
2025-03-20
High
CVE-2025-1473
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be…
High
CVE-2024-9847
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malici…
Medium
CVE-2024-9365
A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects,…
Medium
CVE-2024-9311
A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The upl…
Medium
CVE-2024-8736
A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request…
High
CVE-2024-8489
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects…
High
CVE-2024-8065
A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connec…
High
CVE-2024-8026
A Cross-Site Request Forgery (CSRF) vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cros…
High
CVE-2024-7806
A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attrib…
Critical
CVE-2024-7760
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin reque…
Medium
CVE-2024-7035
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Fo…
Medium
CVE-2024-6841
A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the built-in web app that p…
High
CVE-2024-10906
In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance of `CORSMiddleware` which sets the `Access-Control-Allow-Origin` to `*` for all…
High
CVE-2024-10819
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session.…
Medium
CVE-2024-10481
A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perf…
Medium
CVE-2025-1314
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or inc…
2025-03-19
High
CVE-2024-13933
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or inc…
2025-03-17
Medium
CVE-2025-2420
A vulnerability classified as problematic was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. Affected by this vulnerability is an unknown functionality. The manipulation leads t…
2025-03-15
Medium
CVE-2025-26899
Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce recapture-for-woocommerce allows Cross Site Request Forgery.This issue affects…
Medium
CVE-2025-1530
The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthen…
Medium
CVE-2025-2163
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set…
2025-03-14
Medium
CVE-2025-25873
Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function
High
CVE-2025-1764
The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrec…
High
CVE-2024-13913
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorre…
2025-03-13
High
CVE-2025-1436
The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin ad…
2025-03-11
High
CVE-2025-27792
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide…
Medium
CVE-2025-28941
Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye spam-byebye allows Cross Site Request Forgery.This issue affects Spam Byebye: from n/a through <= 2.2.4.
Medium
CVE-2025-28940
Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top backtotop allows Cross Site Request Forgery.This issue affects Back To Top: from n/a through <= 2.0.
High
CVE-2025-28933
Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B maxab allows Stored XSS.This issue affects MaxA/B: from n/a through <= 2.2.2.
High
CVE-2025-28932
Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS.This issue affects Insert Code: from n/a through <= 2.4.
High
CVE-2025-28931
Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags wp-hashtags allows Stored XSS.This issue affects Hashtags: from n/a through <= 0.3.2.
Medium
CVE-2025-28927
Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name display-template-name allows Cross Site Request Forgery.This issue affects Display Template Name: from n/a through…
High
CVE-2025-28925
Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification wati-chat-and-notification allows Stored XSS.This issue affects WATI Chat and Notification: from n/a through…
High
CVE-2025-28923
Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email no-disposable-email allows Stored XSS.This issue affects No Disposable Email: from n/a through <= 2.5.1.
High
CVE-2025-28922
Cross-Site Request Forgery (CSRF) vulnerability in Terence D. Go To Top go-to-top allows Stored XSS.This issue affects Go To Top: from n/a through <= 0.0.8.
Medium
CVE-2025-28913
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item wp-add-active-class-to-menu-item allows Cross Site Request Forgery.This issue affects WP Add Active…
Medium
CVE-2025-28912
Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page custom-dashboard-page allows Cross Site Request Forgery.This issue affects Custom Dashboard Page: from n/a thr…
Medium
CVE-2025-28910
Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery.This issue affects WP Hide Admin Bar: from n/a through <= 2.0.
Medium
CVE-2025-28909
Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question wp-no-bot-question allows Cross Site Request Forgery.This issue affects WP No-Bot Question: from n/a through <= 0.1.7.
Medium
CVE-2025-28902
Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery.This issue affects C…
High
CVE-2025-28901
Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users members-page-only-for-logged-in-users allows Stored XSS.This issue affects Members page only for logged…
High
CVE-2025-28900
Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro tabgarb allows Stored XSS.This issue affects TabGarb Pro: from n/a through <= 2.6.
High
CVE-2025-28897
Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme domain-theme allows Stored XSS.This issue affects Domain Theme: from n/a through <= 1.3.
High
CVE-2025-28894
Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress list-posts-by-category allows Stored XSS.This issue affects List of Posts from each…
High
CVE-2025-28892
Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync ftp-sync allows Stored XSS.This issue affects FTP Sync: from n/a through <= 1.1.6.
High
CVE-2025-28891
Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc price-calc allows Stored XSS.This issue affects price-calc: from n/a through <= 0.6.3.
Medium
CVE-2025-28887
Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery.This issue affects Plugins Last Updated Column:…
Medium
CVE-2025-28886
Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery.This issue affects REST API TO MiniProgram: from n/a through <…
Medium
CVE-2025-28884
Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator wp-bulk-post-duplicator allows Cross Site Request Forgery.This issue affects WP Bulk Post Duplicator: from n/a…
High
CVE-2025-28883
Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS.This issue affects WP Compare Tables: from n/a through <= 1.0.5.
Medium
CVE-2025-28881
Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes wp-mobile-themes allows Cross Site Request Forgery.This issue affects Mobile Themes: from n/a through <= 1.1.1.
Medium
CVE-2025-28876
Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official official-skrill-woocommerce allows Cross Site Request Forgery.This issue affects Skrill Official: from n/a through <= 1.…
Medium
CVE-2025-28868
Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe ziplist-recipe-plugin allows Cross Site Request Forgery.This issue affects ZipList Recipe: from n/a through <= 3.1.
Medium
CVE-2025-28867
Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter frontpage-category-filter allows Cross Site Request Forgery.This issue affects Frontpage category filter: from n/a…
Medium
CVE-2025-28866
Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger login-logger allows Cross Site Request Forgery.This issue affects Login Logger: from n/a through <= 1.2.1.
Medium
CVE-2025-28864
Cross-Site Request Forgery (CSRF) vulnerability in planetstudio Builder for Contact Form 7 by Webconstruct cf7-builder allows Cross Site Request Forgery.This issue affects Builder for Contact Form 7…
Medium
CVE-2025-28863
Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image delete-original-image allows Cross Site Request Forgery.This issue affects Delete Original Image: from n/a thro…
Medium
CVE-2025-28862
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery.This issue affects Comment Date…
High
CVE-2025-28861
Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through <= 0.1.0.
High
CVE-2025-28860
Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator google-news-editors-picks-news-feeds allows Stored XSS.This issue affects Google News Editors P…
Medium
CVE-2025-28859
Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice maintenance-notice allows Cross Site Request Forgery.This issue affects Maintenance Notice: from n/a through <= 1.0.6.
High
CVE-2025-28857
Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration rankchecker-io-integration allows Stored XSS.This issue affects Rankchecker.io Integration: from n/a through…
Medium
CVE-2025-28856
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats blog-stats-by-w3counter allows Cross Site Request Forgery.This issue affects W3Counter Free Real-Time…
High
CVE-2025-25928
A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an atta…
Medium
CVE-2025-25927
A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request.
High
CVE-2025-25748
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by expl…
High
CVE-2023-48790
A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to ex…
High
CVE-2025-27912
An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromi…
Medium
CVE-2024-13580
The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
Medium
CVE-2024-13436
The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_h…
2025-03-10
High
CVE-2025-27910
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GE…
High
CVE-2025-25907
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or P…
High
CVE-2025-26910
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects WPBookit: from n/a through <= 1.0.1.
Medium
CVE-2025-1926
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or inc…
2025-03-09
Medium
CVE-2025-1382
The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin…
Medium
CVE-2025-1362
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admin…
2025-03-08
High
CVE-2024-11640
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce val…
Medium
CVE-2024-13826
The Email Keep WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Medium
CVE-2024-13774
The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or inco…
2025-03-07
Medium
CVE-2024-12634
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including…
Medium
CVE-2025-0748
The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homey_verify_user_manua…
2025-03-06
Medium
CVE-2025-2042
A vulnerability has been found in huang-yk student-manage 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack…
Medium
CVE-2025-1383
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the…
2025-03-05
Medium
CVE-2025-27624
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g…
High
CVE-2024-51144
Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete , and ajax.server.php?page=user&action=flip_follow endpoints in Ampache <…
Medium
CVE-2025-1463
The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to improper nonce validation within the class-wpg…
Medium
CVE-2025-1435
The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbp_user_add_rol…
Medium
CVE-2025-0990
The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23_g…
High
CVE-2025-27664
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient CSRF Protection OVE-20230524-0008.
2025-03-04
Medium
CVE-2025-27402
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use…
Medium
CVE-2024-13682
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and i…
High
CVE-2025-1306
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_inst…
Medium
CVE-2025-1891
A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiate…
2025-03-03
Critical
CVE-2025-26206
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component
High
CVE-2025-25967
Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or…
Medium
CVE-2024-30154
HCL SX is vulnerable to cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Medium
CVE-2025-25137
Cross-Site Request Forgery (CSRF) vulnerability in kareemsultan Social Links social-links allows Stored XSS.This issue affects Social Links: from n/a through <= 1.0.11.
High
CVE-2025-25121
Cross-Site Request Forgery (CSRF) vulnerability in shyammakwana Theme Options Z theme-options-z allows Cross Site Request Forgery.This issue affects Theme Options Z: from n/a through <= 1.4.
High
CVE-2025-23502
Cross-Site Request Forgery (CSRF) vulnerability in Ned Curated Search curated-search allows Stored XSS.This issue affects Curated Search: from n/a through <= 1.2.
High
CVE-2025-23446
Cross-Site Request Forgery (CSRF) vulnerability in KokoenDE WP SpaceContent wp-spacecontent allows Stored XSS.This issue affects WP SpaceContent: from n/a through <= 0.4.5.
Medium
CVE-2025-27579
In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage sett…
2025-03-02
Medium
CVE-2025-1813
A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The a…
2025-03-01
High
CVE-2024-12544
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability…
Medium
CVE-2024-13518
The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.12. This is due to missing or incorrect nonce validation on the 'sp_…