Total
7950 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2449 | 1 Resmush.it | 1 Resmush.it Image Optimizer | 2025-04-30 | 6.5 Medium |
| The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site. | ||||
| CVE-2022-44389 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 6.5 Medium |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. This vulnerability allows attackers to arbitrarily change Administrator account information. | ||||
| CVE-2022-44387 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 8.8 High |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. | ||||
| CVE-2024-13146 | 1 Fs-code | 1 Booknetic | 2025-04-30 | 8.8 High |
| The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack | ||||
| CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2025-04-30 | 3.5 Low |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | ||||
| CVE-2024-42768 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management | 2025-04-30 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | ||||
| CVE-2024-45527 | 2 Redcap, Vanderbilt | 2 Redcap, Redcap | 2025-04-30 | 6.1 Medium |
| REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website. | ||||
| CVE-2025-46231 | 1 Servit | 1 Affiliate-toolkit | 2025-04-30 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3. | ||||
| CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2025-04-30 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | ||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 8.8 High |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | ||||
| CVE-2022-3750 | 1 Inkthemes | 1 Ask Me | 2025-04-30 | 4.7 Medium |
| The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. | ||||
| CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2025-04-30 | 6.5 Medium |
| The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | ||||
| CVE-2021-25976 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-30 | 8.1 High |
| In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known. | ||||
| CVE-2021-25965 | 1 Janeczku | 1 Calibre-web | 2025-04-30 | 8.8 High |
| In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application. | ||||
| CVE-2025-46249 | 1 Migaweb | 1 Simple Calendar For Elementor | 2025-04-30 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4. | ||||
| CVE-2025-46251 | 1 E4jconnect | 1 Vikrestaurants Table Reservations And Take-away | 2025-04-30 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3. | ||||
| CVE-2022-43693 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | 8.8 High |
| Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. | ||||
| CVE-2025-27189 | 1 Adobe | 1 Commerce B2b | 2025-04-30 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website. | ||||
| CVE-2022-42246 | 1 Duofoxtechnologies | 1 Duofox Cms | 2025-04-29 | 8.8 High |
| Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. | ||||
| CVE-2020-23582 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | 6.5 Medium |
| A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. | ||||