Filtered by CWE-352
Total 7923 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-5732 1 Carmelogarcia 1 Traffic Offense Reporting System 2025-06-10 4.3 Medium
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-47655 1 Wpgov 1 Anac Xml Bandi Di Gara 2025-06-10 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara.This issue affects ANAC XML Bandi di Gara: from n/a through 7.5.
CVE-2023-32514 1 Himanshuparashar 1 Google Site Verification Plugin Using Meta Tag 2025-06-10 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag.This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2.
CVE-2023-27633 1 Pixelgrade 1 Customify 2025-06-10 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions.
CVE-2023-27453 1 Lws 1 Lws Tools 2025-06-10 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions.
CVE-2023-5383 1 Funnelforms 1 Funnelforms 2025-06-10 4.3 Medium
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-2416 1 Vcita 1 Online Booking \& Scheduling Calendar 2025-06-10 5.4 Medium
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.
CVE-2024-5081 2 Tipsandtricks-hq, Wp Emember 2 Wp Emember, Wp Emember 2025-06-09 6.1 Medium
The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVE-2024-6496 1 Dmytropopov 1 Light Poll 2025-06-09 6.5 Medium
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack
CVE-2024-22818 1 Flycms Project 1 Flycms 2025-06-09 8.8 High
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save
CVE-2024-30526 1 Easysocialfeed 1 Easy Social Feed 2025-06-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through 6.5.6.
CVE-2025-2797 2025-06-09 5.4 Medium
The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approve registration for any user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-24546 1 Rstheme 1 Ultimate Coming Soon \& Maintenance 2025-06-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
CVE-2025-24543 1 Rstheme 1 Ultimate Coming Soon \& Maintenance 2025-06-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
CVE-2024-12750 1 Raiserweb 1 Competition Form 2025-06-09 4.3 Medium
The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2025-24715 1 Wow-company 1 Counter Box 2025-06-09 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.
CVE-2025-24698 1 G5plus 1 Essential Real Estate 2025-06-09 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.
CVE-2024-11373 1 Floriansimunek 1 Connexion Logs 2025-06-09 4.3 Medium
The Connexion Logs WordPress plugin through 3.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-11719 1 Couleurcitron 1 Tarteaucitron-wp 2025-06-09 6.1 Medium
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-12301 1 Joomlaserviceprovider 1 Jsp Store Locator 2025-06-09 6.5 Medium
The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.