Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-13260

Summary
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
Published At-09 Jan, 2025 | 19:12
Updated At-10 Jan, 2025 | 16:42
Rejected At-
Credits

Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:drupal
Assigner Org ID:2c85b837-eb8b-40ed-9d74-228c62987387
Published At:09 Jan, 2025 | 19:12
Updated At:10 Jan, 2025 | 16:42
Rejected At:
▼CVE Numbering Authority (CNA)
Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
Migrate queue importer
Collection URL
https://www.drupal.org/project/migrate_queue_importer
Repo
https://git.drupalcode.org/project/migrate_queue_importer
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 2.1.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Pierre Rudloff
remediation developer
David Bätge
remediation developer
Pierre Rudloff
coordinator
Greg Knaddison
coordinator
Juraj Nemec
coordinator
Michael Hess
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2024-024
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2024-024
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mlhess@drupal.org
Published At:09 Jan, 2025 | 20:15
Updated At:04 Jun, 2025 | 15:13

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
migrate_queue_importer_project
migrate_queue_importer_project
>>migrate_queue_importer>>Versions before 2.1.1(exclusive)
cpe:2.3:a:migrate_queue_importer_project:migrate_queue_importer:*:*:*:*:*:drupal:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondarymlhess@drupal.org
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Secondary
Source: mlhess@drupal.org
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.drupal.org/sa-contrib-2024-024mlhess@drupal.org
Vendor Advisory
Hyperlink: https://www.drupal.org/sa-contrib-2024-024
Source: mlhess@drupal.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2417Records found
CVE-2025-47701
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:01
Updated-20 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.

Action-Not Available
Vendor-The Drupal Association
Product-Restrict route by IP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31677
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.34% / 57.25%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:37
Updated-04 Jun, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003

Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.

Action-Not Available
Vendor-artificial_intelligence_projectThe Drupal Association
Product-artificial_intelligenceAI (Artificial Intelligence)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31690
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.68%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:49
Updated-02 Sep, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1.

Action-Not Available
Vendor-cache_utility_projectThe Drupal Association
Product-cache_utilityCache Utility
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48921
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.38%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 13:32
Updated-09 Jul, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.

Action-Not Available
Vendor-getopensocialThe Drupal Association
Product-open_socialOpen Social
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47708
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:03
Updated-10 Jun, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

Action-Not Available
Vendor-miniorangeThe Drupal Association
Product-miniorange_2faEnterprise MFA - TFA for Drupal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13244
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.42% / 62.56%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 18:50
Updated-04 Jun, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3.

Action-Not Available
Vendor-migrate_tools_projectThe Drupal Association
Product-migrate_toolsMigrate Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13250
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.42% / 62.56%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 18:57
Updated-04 Jun, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6.

Action-Not Available
Vendor-drupal_symfony_mailer_lite_projectThe Drupal Association
Product-drupal_symfony_mailer_liteDrupal Symfony Mailer Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13284
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 19:36
Updated-02 Sep, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5.

Action-Not Available
Vendor-drupalgutenbergThe Drupal Association
Product-gutenbergGutenberg
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-13663
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:07
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

Action-Not Available
Vendor-The Drupal Association
Product-drupalDrupal Core
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48445
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.63%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 14:31
Updated-16 Jun, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066

Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.

Action-Not Available
Vendor-commerce_eurobank_\(redirect\)_projectThe Drupal Association
Product-commerce_eurobank_\(redirect\)Commerce Eurobank (Redirect)
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-48446
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.63%
||
7 Day CHG~0.00%
Published-11 Jun, 2025 | 14:34
Updated-16 Jun, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.

Action-Not Available
Vendor-commerce_alphabank_redirect_projectThe Drupal Association
Product-commerce_alphabank_redirectCommerce Alphabank Redirect
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-13282
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.19%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 19:35
Updated-02 Sep, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Block permissions - Moderately critical - Access bypass - SA-CONTRIB-2024-046

Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0.

Action-Not Available
Vendor-block_permissions_projectThe Drupal Association
Product-block_permissionsBlock permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-13664
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-1.96% / 83.95%
||
7 Day CHG~0.00%
Published-05 May, 2021 | 14:56
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.1 versions prior to 9.0.1.

Action-Not Available
Vendor-The Drupal Association
Product-drupalDrupal Core
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-3907
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.88%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 17:08
Updated-02 Sep, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9.

Action-Not Available
Vendor-drunkenmonkeyThe Drupal Association
Product-search_api_solrSearch API Solr
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-3131
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 17:47
Updated-22 Apr, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031

Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*.

Action-Not Available
Vendor-The Drupal Association
Product-eca\ECA: Event - Condition - Action
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31683
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.33% / 56.21%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:41
Updated-02 Jun, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8.

Action-Not Available
Vendor-google_tag_projectThe Drupal Association
Product-google_tagGoogle Tag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31689
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.1||HIGH
EPSS-0.43% / 62.83%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:45
Updated-02 Sep, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018

Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2.

Action-Not Available
Vendor-general_data_protection_regulation_projectThe Drupal Association
Product-general_data_protection_regulationGeneral Data Protection Regulation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31688
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 53.87%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:45
Updated-28 Aug, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configuration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2.

Action-Not Available
Vendor-nuvoleThe Drupal Association
Product-configuration_splitConfiguration Split
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31684
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 53.87%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:43
Updated-28 Aug, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013

Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.This issue affects OAuth2 Client: from 0.0.0 before 4.1.3.

Action-Not Available
Vendor-mskccThe Drupal Association
Product-oauth2_clientOAuth2 Client
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13982
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.1||HIGH
EPSS-0.03% / 9.05%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 20:01
Updated-19 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Login Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3.

Action-Not Available
Vendor-innoraftThe Drupal Association
Product-login_time_restrictionLogin Time Restriction
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-14472
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.1||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 20:03
Updated-06 Feb, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

Action-Not Available
Vendor-acquiaThe Drupal Association
Product-acquia_content_hubAcquia Content Hub
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-10930
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.00%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 23:13
Updated-12 Dec, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.

Action-Not Available
Vendor-2bitsThe Drupal Association
Product-currencyCurrency
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-6379
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.00%
||
7 Day CHG~0.00%
Published-16 Mar, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.

Action-Not Available
Vendor-The Drupal Association
Product-drupalDrupal Core
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-4393
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 6.27%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:10
Updated-01 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2.

Action-Not Available
Vendor-ajkThe Drupal Association
Product-automated_logoutAutomated Logout
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31680
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 58.43%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:39
Updated-02 Jun, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0.

Action-Not Available
Vendor-matomo_analytics_projectThe Drupal Association
Product-matomo_analyticsMatomo Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13293
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-3.1||LOW
EPSS-0.17% / 38.16%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 20:17
Updated-02 Sep, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059

Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.

Action-Not Available
Vendor-post_file_projectThe Drupal Association
Product-post_filePOST File
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13304
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-4.5||MEDIUM
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 20:25
Updated-28 Aug, 2025 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3.

Action-Not Available
Vendor-matthiasmullieThe Drupal Association
Product-minify_jsMinify JS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13261
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-3.5||LOW
EPSS-0.07% / 22.22%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 19:14
Updated-27 Aug, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3.

Action-Not Available
Vendor-acquiaThe Drupal Association
Product-damAcquia DAM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-13674
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.12%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 15:45
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

Action-Not Available
Vendor-The Drupal Association
Product-drupalCore
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-13673
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.33%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 15:35
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.

Action-Not Available
Vendor-The Drupal Association
Product-entity_embedEntity Embed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-3211
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 6.02%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 15:21
Updated-31 Mar, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.

Action-Not Available
Vendor-webikonThe Drupal Association
Product-theme_negotiation_by_rulesTheme Negotiation by Rules
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-1259
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.04% / 90.01%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationMicrosoft SharePoint Foundation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-47723
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 6.68%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 20:41
Updated-07 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
STVS ProVision Cross-Site Request Forgery (Add Admin)

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.

Action-Not Available
Vendor-stvsSTVS SA
Product-provisionSTVS ProVision
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-14043
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 61.02%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 15:34
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."

Action-Not Available
Vendor-codiadn/a
Product-codiadn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 16:45
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy PayPal Buy Now Button Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1.

Action-Not Available
Vendor-wppluginScott Paterson
Product-easy_paypal_\&_stripe_buy_now_buttonEasy PayPal & Stripe Buy Now Button
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-50902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.51%
||
7 Day CHG+0.02%
Published-20 Aug, 2025 | 00:00
Updated-09 Oct, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1.0.0 allows attackers to gain sensitive information via crafted HTTP Post message.

Action-Not Available
Vendor-old-peanutn/a
Product-open-shopn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49399
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.03% / 9.57%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3.

Action-Not Available
Vendor-Basix
Product-NEX-Forms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.24%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Calculated Fields Form plugin <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58.

Action-Not Available
Vendor-CodePeople
Product-calculated_fields_formCalculated Fields Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.24%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-12 May, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awin – Advertiser Tracking for WooCommerce plugin <= 2.0.0 - CSRF to Product Feed Regeneration vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin – Advertiser Tracking for WooCommerce awin-advertiser-tracking allows Cross Site Request Forgery.This issue affects Awin – Advertiser Tracking for WooCommerce: from n/a through <= 2.0.0.

Action-Not Available
Vendor-awinAwin
Product-awin_-_advertiser_tracking_for_woocommerceAwin – Advertiser Tracking for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.61%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Compress plugin <= 6.30.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Cross Site Request Forgery.This issue affects WP Compress: from n/a through <= 6.30.30.

Action-Not Available
Vendor-wpcompressAresIT
Product-wp_compressWP Compress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32744
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:53
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.

Action-Not Available
Vendor-WooCommerce
Product-product_recommendationsProduct Recommendations
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32589
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.51%
||
7 Day CHG-0.04%
Published-20 May, 2023 | 22:48
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dyslexiefont Free Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.

Action-Not Available
Vendor-pingonlinePingOnline
Product-dyslexiefont_freeDyslexiefont Free
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47624
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.24%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1.

Action-Not Available
Vendor-apasionadosapasionados
Product-dofollow_case_by_caseDoFollow Case by Case
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-29839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.02% / 4.96%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 00:00
Updated-25 Mar, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-46366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 67.65%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 20:08
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.

Action-Not Available
Vendor-magnolia-cmsn/a
Product-magnolia_cmsn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47132
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.21% / 87.35%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-03 Aug, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.

Action-Not Available
Vendor-n/aCreativeitem
Product-academy_lmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.68%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.

Action-Not Available
Vendor-jfinalcms_projectn/a
Product-jfinalcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47410
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.36%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 15:15
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This issue affects Apache Geode: versions 1.10 through 1.15.1 Users are recommended to upgrade to version 1.15.2, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-geodeApache Geode
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-32739
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 20:56
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.

Action-Not Available
Vendor-hamidrezasepehrWeb_Trendy
Product-custom_cursorsWP Custom Cursors | WordPress Cursor Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-49377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.68%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.

Action-Not Available
Vendor-jfinalcms_projectn/a
Product-jfinalcmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 48
  • 49
  • Next
Details not found