Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-4401

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-01 Jul, 2023 | 05:33
Updated At-08 Apr, 2026 | 17:02
Rejected At-
Credits

Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass

The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:01 Jul, 2023 | 05:33
Updated At:08 Apr, 2026 | 17:02
Rejected At:
▼CVE Numbering Authority (CNA)
Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass

The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected Products
Vendor
analogwp
Product
Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns
Default Status
unaffected
Versions
Affected
  • From 0 through 1.8.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Jerome Bruandet
Timeline
EventDate
Disclosed2021-03-01 00:00:00
Event: Disclosed
Date: 2021-03-01 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve
N/A
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
N/A
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
N/A
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
N/A
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
N/A
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
N/A
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
N/A
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
N/A
https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.php
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve
Resource: N/A
Hyperlink: https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
Resource: N/A
Hyperlink: https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
Resource: N/A
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
Resource: N/A
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
Resource: N/A
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
Resource: N/A
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
Resource: N/A
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.php
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve
x_transferred
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
x_transferred
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
x_transferred
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
x_transferred
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
x_transferred
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
x_transferred
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
x_transferred
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
x_transferred
https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.php
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve
Resource:
x_transferred
Hyperlink: https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
Resource:
x_transferred
Hyperlink: https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
Resource:
x_transferred
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
Resource:
x_transferred
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
Resource:
x_transferred
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
Resource:
x_transferred
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
Resource:
x_transferred
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
Resource:
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.php
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:01 Jul, 2023 | 06:15
Updated At:08 Apr, 2026 | 18:17

The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
analogwp
analogwp
>>style_kits>>Versions up to 1.8.0(inclusive)
cpe:2.3:a:analogwp:style_kits:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity@wordfence.com
CWE ID: CWE-352
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/security@wordfence.com
Not Applicable
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/security@wordfence.com
Not Applicable
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/security@wordfence.com
Third Party Advisory
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/security@wordfence.com
Not Applicable
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/security@wordfence.com
Not Applicable
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/security@wordfence.com
Not Applicable
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/security@wordfence.com
Not Applicable
https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.phpsecurity@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cvesecurity@wordfence.com
Third Party Advisory
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.phpaf854a3a-2127-422b-91ae-364da2661108
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
Source: security@wordfence.com
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
Source: security@wordfence.com
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
Source: security@wordfence.com
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
Source: security@wordfence.com
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
Source: security@wordfence.com
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
Source: security@wordfence.com
Resource:
Not Applicable
Hyperlink: https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.php
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: https://plugins.trac.wordpress.org/changeset/2473676/analogwp-templates/trunk/inc/class-quick-edit.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2375Records found
CVE-2023-4837
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 09:20
Updated-18 Sep, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site request forgery (CSRF) in SmodBIP

SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.

Action-Not Available
Vendor-smodJan Syski
Product-smodbipSmodBIP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47765
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:12
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions.

Action-Not Available
Vendor-codebardCodeBard
Product-codebard\'s_patron_button_and_widgets_for_patreonCodeBard's Patron Button and Widgets for Patreon
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-40335
Matching Score-4
Assigner-Hitachi Energy
ShareView Details
Matching Score-4
Assigner-Hitachi Energy
CVSS Score-5||MEDIUM
EPSS-0.24% / 46.83%
||
7 Day CHG-0.00%
Published-25 Jul, 2022 | 14:32
Updated-16 Sep, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross Site Request Forgery (CSRF) in Hitachi Energy’s MSM Product

A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-modular_switchgear_monitoring_firmwaremodular_switchgear_monitoringMSM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47825
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 19:40
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions.

Action-Not Available
Vendor-wpvnteamTienCOP
Product-wp_extraWP EXtra
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.29%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:27
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Best Restaurant Menu by PriceListo Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1.

Action-Not Available
Vendor-pricelistoPriceListo
Product-best_restaurant_menuBest Restaurant Menu by PriceListo
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.37%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:27
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thrive Theme Builder Theme < 3.24.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder < 3.24.2 versions.

Action-Not Available
Vendor-Thrive Themes LLC (Thrive Themes)
Product-thrive_themes_builderThrive Theme Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47791
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:38
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.

Action-Not Available
Vendor-leadsterLeadster
Product-leadsterLeadster
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47718
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.75%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 01:14
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Asset Management cross-site request forgery

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suitemaximo_asset_managementMaximo Asset Management Manage ComponentMaximo Asset Management
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47551
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.29%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:50
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

Action-Not Available
Vendor-rednaoRedNao
Product-donations_made_easy_-_smart_donationsDonations Made Easy – Smart Donations
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48020
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.85%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 00:00
Updated-03 Sep, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.

Action-Not Available
Vendor-iteachyoun/a
Product-dreamer_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47687
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.99%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 22:09
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woo Custom and Sequential Order Number Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions.

Action-Not Available
Vendor-vjinfotechVJInfotech
Product-woo_custom_and_sequential_order_numberWoo Custom and Sequential Order Number
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48328
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.18%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:05
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NextGEN Gallery Plugin <= 3.37 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.

Action-Not Available
Vendor-Imagely, LLC (Imagely)
Product-nextgen_galleryWordPress Gallery Plugin – NextGEN Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-12189
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.43%
||
7 Day CHG-0.02%
Published-05 Dec, 2025 | 05:31
Updated-08 Apr, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents <= 7.11.1374 - Cross-Site Request Forgery to Arbitrary File Upload

The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.11.1374. This is due to missing or incorrect nonce validation on the uploadImage() function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-breadbutterbreadbutter
Product-bread_\&_butterBread & Butter: AI-Powered Lead Intelligence
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48060
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:00
Updated-04 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add

Action-Not Available
Vendor-iteachyoun/adreamer_cms_project
Product-dreamer_cmsn/adreamer_cms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.69%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 19:36
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions.

Action-Not Available
Vendor-wpwaxwpWax
Product-legal_pagesLegal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48279
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.90%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 13:14
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Seraphinite Post .DOCX Source Plugin <= 2.16.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6.

Action-Not Available
Vendor-s-solsSeraphinite Solutions
Product-seraphinite_post_.docx_sourceSeraphinite Post .DOCX Source
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47230
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.54%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:07
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Forms by Cimatti Plugin <= 1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions.

Action-Not Available
Vendor-cimattiCimatti Consulting
Product-wordpress_contact_formsWordPress Contact Forms by Cimatti
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47664
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.19%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:09
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plainview Protect Passwords Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords.This issue affects Plainview Protect Passwords: from n/a through 1.4.

Action-Not Available
Vendor-plainviewpluginsedward_plainview
Product-plainview_protect_passwordsPlainview Protect Passwords
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47677
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.36% / 58.06%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:25
Updated-04 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-level1LevelOnelevel_oneRealtek Semiconductor Corp.
Product-wbr-6013_firmwarewbr-6013rtl819x_jungle_software_development_kitrtl819x Jungle SDKWBR-6013rtl819x_software_development_kitwbr6013
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 20:57
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Full Stripe Free plugin <= 7.0.16 - Cross Site Request Forgery (CSRF) vulnerability on every Setting Save

Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 7.0.16.

Action-Not Available
Vendor-paymentspluginMammothology
Product-wp_full_stripe_freeWP Full Stripe Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48330
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:56
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Comment Remove Plugin <= 2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Comment Remove allows Cross Site Request Forgery.This issue affects Bulk Comment Remove: from n/a through 2.

Action-Not Available
Vendor-supremoMike Strand
Product-bulk_comment_removeBulk Comment Remove
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4824
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.37%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 18:55
Updated-29 Aug, 2024 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF

The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-bdaiaUnknownbdaia
Product-woohoo_newspaper_magazine_themeWoohoowoohoo_newspaper_magazine_theme
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47186
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.04%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 11:25
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.

Action-Not Available
Vendor-Kadence WPKadence WPThe Events Calendar (StellarWP)
Product-kadence_woocommerce_email_designerKadence WooCommerce Email Designer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47519
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 22:01
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Table Lite Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite.This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2.

Action-Not Available
Vendor-wcproducttableWC Product Table
Product-woocommerce_product_table_liteWooCommerce Product Table Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48323
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.99%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:59
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin allows Cross Site Request Forgery.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.4.

Action-Not Available
Vendor-getawesomesupportAwesome Support Team
Product-awesome_supportAwesome Support – WordPress HelpDesk & Support Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48292
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.7||CRITICAL
EPSS-0.86% / 75.18%
||
7 Day CHG+0.10%
Published-20 Nov, 2023 | 18:02
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the attacker can leave a comment on any page in the wiki it is sufficient to include an image with an URL like `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` in the comment. When an admin views the comment, the file `/tmp/attacked` will be created on the server. The output of the command is also vulnerable to XWiki syntax injection which offers a simple way to execute Groovy in the context of the XWiki installation and thus an even easier way to compromise the integrity and confidentiality of the whole XWiki installation. This has been patched by adding a form token check in version 4.5.1 of the admin tools. Some workarounds are available. The patch can be applied manually to the affected wiki pages. Alternatively, the document `Admin.RunShellCommand` can also be deleted if the possibility to run shell commands isn't needed.

Action-Not Available
Vendor-XWiki SAS
Product-admin_toolsapplication-admintools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47238
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 22.73%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 18:21
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Top 10 Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.

Action-Not Available
Vendor-webberzoneWebberZone
Product-top_10Top 10 – WordPress Popular posts by WebberZone
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48331
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.99%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 12:54
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MyBookTable Bookstore Plugin <= 3.3.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore by Stormhill Media allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore by Stormhill Media: from n/a through 3.3.4.

Action-Not Available
Vendor-stormhillmediaStormhill Media
Product-mybook_table_bookstoreMyBookTable Bookstore by Stormhill Media
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.68% / 71.66%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 00:00
Updated-26 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.

Action-Not Available
Vendor-swiftyeditn/a
Product-swiftyeditn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47556
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.87%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:35
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Device Theme Switcher Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher.This issue affects Device Theme Switcher: from n/a through 3.0.2.

Action-Not Available
Vendor-jamesmehorterJames Mehorter
Product-device_theme_switcherDevice Theme Switcher
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47757
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.54%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 08:52
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.

Action-Not Available
Vendor-AWeber
Product-aweberAWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2023-47578
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.21% / 42.87%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 00:00
Updated-08 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.

Action-Not Available
Vendor-relyumn/arelyum
Product-rely-pcie_firmwarerely-pcierely-rec_firmwarerely-recn/arely-pcie_firmwarerely-rec_firmware
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 18:41
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Big File Uploads Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads – Increase Maximum File Upload Size plugin <= 2.1.1 versions.

Action-Not Available
Vendor-infiniteuploadsInfinite Uploads
Product-big_file_uploadsBig File Uploads – Increase Maximum File Upload Size
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48282
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 13:07
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taxonomy filter Plugin <= 2.2.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Taxonomy filter allows Cross Site Request Forgery.This issue affects Taxonomy filter: from n/a through 2.2.9.

Action-Not Available
Vendor-andrealandonioAndrea Landonio
Product-taxonomy_filterTaxonomy filter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47787
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 15:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3.

Action-Not Available
Vendor-WooCommerceAutomattic Inc.
Product-woocommerce_bookingsWooCommerce Bookings
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48058
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:00
Updated-04 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run

Action-Not Available
Vendor-iteachyoun/adreamer_cms_project
Product-dreamer_cmsn/adreamer_cms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-48284
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.05%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 13:01
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.

Action-Not Available
Vendor-webtoffeeWebToffee
Product-decoratorDecorator – WooCommerce Email Customizer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.23%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

Action-Not Available
Vendor-silverpeasn/a
Product-silverpeasn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47789
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 15:43
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Canada Post Shipping Plugin <= 2.8.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a through 2.8.3.

Action-Not Available
Vendor-WooCommerceAutomattic Inc.
Product-canada_post_shipping_methodCanada Post Shipping Method
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-47651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 31.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2023 | 21:17
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Links Page Plugin <= 4.9.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page.This issue affects WP Links Page: from n/a through 4.9.4.

Action-Not Available
Vendor-wplinkspageRobert Macchi
Product-wp_links_pageWP Links Page
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-4373
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.42%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-08 Apr, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-webberzoneajay
Product-better_searchBetter Search – Relevant search results for WordPress
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.52%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 00:00
Updated-04 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.

Action-Not Available
Vendor-iteachyoun/a
Product-dreamer_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46625
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:33
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Autolinks Manager Plugin <= 1.10.04 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions.

Action-Not Available
Vendor-daextDAEXT
Product-autolinks_managerAutolinks Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46781
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 11:19
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Current Menu Item for Custom Post Types Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.

Action-Not Available
Vendor-rolandmurgRoland Murg
Product-current_menu_item_for_custom_post_typesCurrent Menu Item for Custom Post Types
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46152
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.99%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 10:13
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wolf_-_wordpress_posts_bulk_editor_and_products_manager_professionalWOLF – WordPress Posts Bulk Editor and Manager Professional
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45836
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.75%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:25
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.

Action-Not Available
Vendor-xydacXYDAC
Product-ultimate_taxonomy_managerUltimate Taxonomy Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.14%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:46
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.

Action-Not Available
Vendor-bala-krishnaBala Krishna, Sergey Yakovlev
Product-category_seo_meta_tagsCategory SEO Meta Tags
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45903
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.52%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 00:00
Updated-04 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.

Action-Not Available
Vendor-iteachyoun/a
Product-dreamer_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46089
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 21:14
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions.

Action-Not Available
Vendor-userbackLee Le @ Userback
Product-userbackUserback
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 22.52%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 00:00
Updated-04 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.

Action-Not Available
Vendor-iteachyoun/a
Product-dreamer_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 47
  • 48
  • Next
Details not found