Total
8007 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13146 | 1 Fs-code | 1 Booknetic | 2025-04-30 | N/A | 8.8 HIGH |
| The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack | |||||
| CVE-2022-45393 | 1 Jenkins | 1 Delete Log | 2025-04-30 | N/A | 3.5 LOW |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs. | |||||
| CVE-2024-42768 | 1 Jayesh | 1 Hotel Management System | 2025-04-30 | N/A | 6.8 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | |||||
| CVE-2024-45527 | 1 Vanderbilt | 1 Redcap | 2025-04-30 | N/A | 6.1 MEDIUM |
| REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website. | |||||
| CVE-2025-46231 | 1 Servit | 1 Affiliate-toolkit | 2025-04-30 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3. | |||||
| CVE-2022-45398 | 1 Jenkins | 1 Cluster Statistics | 2025-04-30 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. | |||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | |||||
| CVE-2022-3763 | 1 Booster | 1 Booster For Woocommerce | 2025-04-30 | N/A | 8.1 HIGH |
| The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack | |||||
| CVE-2022-3750 | 1 Inkthemes | 1 Ask Me | 2025-04-30 | N/A | 4.7 MEDIUM |
| The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. | |||||
| CVE-2022-3538 | 1 Webmaster Tools Verification Project | 1 Webmaster Tools Verification | 2025-04-30 | N/A | 6.5 MEDIUM |
| The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins | |||||
| CVE-2025-46249 | 1 Migaweb | 1 Simple Calendar For Elementor | 2025-04-30 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4. | |||||
| CVE-2025-46251 | 1 E4jconnect | 1 Vikrestaurants Table Reservations And Take-away | 2025-04-30 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3. | |||||
| CVE-2022-43693 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | N/A | 8.8 HIGH |
| Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. | |||||
| CVE-2022-1578 | 1 My Wpdb Project | 1 My Wpdb | 2025-04-30 | N/A | 8.8 HIGH |
| The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack | |||||
| CVE-2025-27189 | 1 Adobe | 1 Commerce B2b | 2025-04-30 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website. | |||||
| CVE-2022-3336 | 1 Awplife | 1 Event Monster | 2025-04-30 | N/A | 4.3 MEDIUM |
| The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack | |||||
| CVE-2022-42246 | 1 Duofoxtechnologies | 1 Duofox Cms | 2025-04-29 | N/A | 8.8 HIGH |
| Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account. | |||||
| CVE-2020-23582 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | N/A | 6.5 MEDIUM |
| A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID. | |||||
| CVE-2025-46241 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-04-29 | N/A | 8.2 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92. | |||||
| CVE-2025-46243 | 1 Sktthemes | 1 Recover Abandoned Cart For Woocommerce | 2025-04-29 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2. | |||||