About “Cross-Site Request Forgery (CSRF)”

A curated feed of “Cross-Site Request Forgery (CSRF)”-related CVEs appears below. We currently track 9568 CVEs for this tag (all time). In the last 365 days, 1403 were published. Average CVSS is 6.4 (all time; 5.6 over 365d), and 37% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-352 - Cross-Site Request Forgery (CSRF), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a MODERATE impact class: common exploitation patterns for this weakness can lead to moderate impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2026-01-24
Medium

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save_ztcpt_captcha_setting…

Medium

CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alex_user_counter_func…

Medium

CVE-2025-14906

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGall…

Medium

CVE-2025-14903

The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scs_backend funct…

2026-01-23
Medium

CVE-2026-24596

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery. This issue affects Related Posts…

Medium

CVE-2026-24549

Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery. This issue affects GeoDirectory: from n/a through <= 2.8.149.

Medium

CVE-2026-24542

Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery. This issue affects WP Term Order: from n/a through <= 2.1.0.

Medium

CVE-2026-24521

Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery. This issue affects Kama Thumbnail: from n/a through <= 3.5.1.

2026-01-22
Medium

CVE-2026-24384

Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery. This issue affects Merge + Minify + Refresh: from…

Medium

CVE-2026-24374

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery. This issue affects Registrati…

Medium

CVE-2026-24365

Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery. This issue affects Stock Manager for WooCommerce…

Medium

CVE-2026-22483

Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery. This issue affects teachPress: from n/a through <= 9.0.12.

Medium

CVE-2026-22462

Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery. This issue affects Add Polyla…

Medium

CVE-2026-22382

Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery. This issue affects PawFriends - Pet…

Medium

CVE-2026-22360

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery. This issue affects SearchAzon: from n/a through <= 1.4.

Medium

CVE-2026-22359

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery. This issue affects Wordpress Movies Bulk Importer: from n/a…

High

CVE-2026-22355

Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS. This issue affects Simple XML Sitemap: from n/a through <= 1.3.

Medium

CVE-2025-70899

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated admi…

Medium

CVE-2025-67626

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery. This issue affects WP SEO Search: from n/a through <= 1.1.

Medium

CVE-2025-31413

Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery. This issue affects Element Pack Elementor Addons…

Medium

CVE-2026-24037

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the has_xss() function attempts to block XSS by matching input against a set of regex patterns. However, t…

2026-01-21
Medium

CVE-2021-47860

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attacker…

Medium

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, ca…

2026-01-20
Low

CVE-2025-36411

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Medium

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect n…

2026-01-19
Medium

CVE-2026-1169

A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launch…

Medium

CVE-2026-1153

A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack…

Medium

CVE-2026-1148

A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-s…

Medium

CVE-2026-1142

A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be init…

2026-01-18
Medium

CVE-2026-23626

Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that a…

2026-01-16
Medium

CVE-2021-47820

Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically subm…

Medium

CVE-2025-14853

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the display_settin…

Medium

CVE-2021-47800

b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit…

2026-01-15
High

CVE-2026-23622

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST met…

Medium

CVE-2021-47754

Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user…

2026-01-14
Medium

CVE-2025-15376

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set_stopwords_fo…

Medium

CVE-2025-14846

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.5. This is due to missing nonce validation on the wpsc_settin…

Medium

CVE-2025-15377

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin_page_content…

High

CVE-2025-14615

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing non…

Medium

CVE-2025-14389

The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for…

2026-01-13
Medium

CVE-2026-0493

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state-changing actions using an inappropriate request type, thi…

2026-01-12
Low

CVE-2026-22800

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint respon…

Medium

CVE-2021-41074

A CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML document.

Medium

CVE-2026-22033

Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the a…

2026-01-10
Medium

CVE-2025-14976

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Reques…

Medium

CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document P…

2026-01-09
High

CVE-2026-22194

GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce…

Medium

CVE-2025-13749

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is d…

2026-01-08
Medium

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSR…

Medium

CVE-2025-61547

Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or…

Medium

CVE-2019-25259

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers ca…

2026-01-07
Low

CVE-2025-31963

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unau…

Medium

CVE-2025-14999

The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update…

Medium

CVE-2025-14904

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nels_settings_p…

Medium

CVE-2025-14845

The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the setti…

Medium

CVE-2025-14468

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in…

Medium

CVE-2025-14465

The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabs_…

Medium

CVE-2025-14077

The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage func…

Medium

CVE-2025-13990

The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administra…

Medium

CVE-2025-13657

The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the han…

Medium

CVE-2025-13527

The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset()' functio…

Medium

CVE-2025-13521

The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings…

Medium

CVE-2025-13520

The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the setti…

Medium

CVE-2025-13519

The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX…

2026-01-06
Medium

CVE-2020-36918

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft mali…

Medium

CVE-2020-36913

All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP…

Medium

CVE-2020-36908

SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a…

Medium

CVE-2020-36906

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web page…

2026-01-05
Medium

CVE-2025-53344

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery. This issue affects Thim Core: from n/a through 2.3.3.

Medium

CVE-2025-67315

Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component.

Medium

CVE-2023-52212

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery. This issue affects WP Job Manager: from n/a through 2.0.0.

2026-01-02
Critical

CVE-2026-21430

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an…

Medium

CVE-2025-12685

The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack.

2026-01-01
Medium

CVE-2025-15405

A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely.

2025-12-31
High

CVE-2025-31054

Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS. This issue affects Bloggie: from n/a through 2.0.8.

Medium

CVE-2025-62123

Cross-Site Request Forgery (CSRF) vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Cross Site Request Forgery. This issue affects WP Gmail SMTP: from n/a through <= 1.0.7.

Medium

CVE-2025-62113

Cross-Site Request Forgery (CSRF) vulnerability in emendo_seb Co-marquage service-public.fr co-marquage-service-public allows Cross Site Request Forgery. This issue affects Co-marquage service-public.…

Medium

CVE-2025-62101

Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah pardakht-delkhah allows Cross Site Request Forgery. This issue affects Pardakht Delkhah: from n/a through <= 3.0.0.

Medium

CVE-2025-63040

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery. This issue affects Post Snippets: from n/a through <= 4.0.11.

Medium

CVE-2025-63014

Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows Cross Site Request Forgery. This issue affects Gmedia Photo Gallery: from n/a through <= 1.25.0.

Medium

CVE-2025-62148

Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.txt rewrite robotstxt-rewrite allows Cross Site Request Forgery. This issue affects Robots.txt rewrite: from n/a through <= 1.…

Medium

CVE-2025-62133

Cross-Site Request Forgery (CSRF) vulnerability in manidoraisamy FormFacade formfacade allows Cross Site Request Forgery. This issue affects FormFacade: from n/a through <= 1.4.1.

Medium

CVE-2025-62089

Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Cross Site Request Forgery. This issue affects Mergado Pack: from n/a through <= 4.2.1.

Medium

CVE-2025-62084

Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker inext-woo-pincode-checker allows Cross Site Request Forgery. This issue affects iNext Woo Pincode Checker: f…

Medium

CVE-2025-62080

Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery. This issue affects…

Medium

CVE-2025-59130

Cross-Site Request Forgery (CSRF) vulnerability in appointify Appointify appointify allows Cross Site Request Forgery. This issue affects Appointify: from n/a through <= 1.0.8.

Medium

CVE-2025-62134

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through <=…

Medium

CVE-2025-62120

Cross-Site Request Forgery (CSRF) vulnerability in Rick Beckman OpenHook thesis-openhook allows Cross Site Request Forgery. This issue affects OpenHook: from n/a through <= 4.3.1.

Medium

CVE-2025-62117

Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery. This issue affects EasyIndex: from n/a through <= 1.1.1704.

Medium

CVE-2025-62992

Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Path Traversal. This issue affects Everest Backup: from n/a through <= 2.3.11.

High

CVE-2025-49028

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail transmail allows Stored XSS. This issue affects Zoho ZeptoMail: from n/a through <= 3.3.1.

High

CVE-2025-68885

Cross-Site Request Forgery (CSRF) vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS. This issue affects Custom Post Status: from n/a through <= 1.1.0.

High

CVE-2025-49354

Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS. This issue affects Recent Posts From Each C…

High

CVE-2025-49353

Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path noindex-by-path allows Stored XSS. This issue affects Noindex by Path: from n/a through <= 1.0.

High

CVE-2025-49345

Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives wp-easyarchives allows Stored XSS. This issue affects WP-EasyArchives: from n/a through <= 3.1.2.

High

CVE-2025-49344

Cross-Site Request Forgery (CSRF) vulnerability in reneade SensitiveTagCloud sensitive-tag-cloud allows Stored XSS. This issue affects SensitiveTagCloud: from n/a through <= 1.4.1.

High

CVE-2025-49343

Cross-Site Request Forgery (CSRF) vulnerability in socialprofilr Social Profilr social-profilr-display-social-network-profile allows Stored XSS. This issue affects Social Profilr: from n/a through <=…

High

CVE-2025-49342

Cross-Site Request Forgery (CSRF) vulnerability in merzedes Custom Style custom-style allows Stored XSS. This issue affects Custom Style: from n/a through <= 1.0.

High

CVE-2025-59137

Cross-Site Request Forgery (CSRF) vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Stored XSS. This issue affects Behance Portfolio Manager: from n/a thr…

High

CVE-2025-49346

Cross-Site Request Forgery (CSRF) vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Stored XSS. This issue affects Simple Archive Generator: from n/a through <=…

2025-12-30
High

CVE-2025-59131

Cross-Site Request Forgery (CSRF) vulnerability in hoernerfranz WP-CalDav2ICS wp-caldav2ics allows Stored XSS. This issue affects WP-CalDav2ICS: from n/a through <= 1.3.4.

High

CVE-2022-50804

JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery (CSRF) attacks, allowing attackers to perform administrative actions on behalf of authenticated users without their kno…

Medium

CVE-2025-62112

Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import into Easy Property Listings easy-property-listings-xml-csv-import allows Cross Site Request Forgery. This issue affects Import in…

Critical

CVE-2025-52835

Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server. This issue affects WING WordPress Migrator: from n/a t…

Medium

CVE-2025-69021

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery. This issue affects Popup box: from n/a through <= 6.0.7.

Medium

CVE-2025-68998

Cross-Site Request Forgery (CSRF) vulnerability in Heateor Support Heateor Social Login heateor-social-login allows Cross Site Request Forgery. This issue affects Heateor Social Login: from n/a throug…

2025-12-29
High

CVE-2024-30855

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.

2025-12-27
Medium

CVE-2025-68927

Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contac…

2025-12-26
Medium

CVE-2025-67013

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origi…

2025-12-24
Medium

CVE-2019-25255

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows attackers to execute system commands with root privileges. Attackers can exploit…

High

CVE-2019-25254

KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious we…

Medium

CVE-2019-25252

Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious w…

Medium

CVE-2019-25250

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft…

Medium

CVE-2019-25247

Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can cra…

Medium

CVE-2019-25244

Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-…

Medium

CVE-2019-25242

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious…

Medium

CVE-2019-25238

V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web p…

Medium

CVE-2019-25234

SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulner…

Medium

CVE-2019-25233

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft mal…

Medium

CVE-2018-25156

Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web…