Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7459

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-04 Aug, 2024 | 22:31
Updated At-07 Aug, 2024 | 18:27
Rejected At-
Credits

OSWAPP Warehouse Inventory System edit_account.php cross-site request forgery

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:04 Aug, 2024 | 22:31
Updated At:07 Aug, 2024 | 18:27
Rejected At:
▼CVE Numbering Authority (CNA)
OSWAPP Warehouse Inventory System edit_account.php cross-site request forgery

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552.

Affected Products
Vendor
OSWAPP
Product
Warehouse Inventory System
Versions
Affected
  • 1.0
  • 2.0
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2.05.0N/A
AV:N/AC:L/Au:N/C:N/I:P/A:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 2.0
Base score: 5.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Advisory disclosed2024-08-04 00:00:00
VulDB entry created2024-08-04 02:00:00
VulDB entry last update2024-08-04 08:22:37
Event: Advisory disclosed
Date: 2024-08-04 00:00:00
Event: VulDB entry created
Date: 2024-08-04 02:00:00
Event: VulDB entry last update
Date: 2024-08-04 08:22:37
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/?id.273552
vdb-entry
https://vuldb.com/?ctiid.273552
signature
permissions-required
https://vuldb.com/?submit.379590
third-party-advisory
https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad
exploit
Hyperlink: https://vuldb.com/?id.273552
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.273552
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.379590
Resource:
third-party-advisory
Hyperlink: https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad
Resource:
exploit
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
oswapp
Product
warehouse_inventory_system
CPEs
  • cpe:2.3:a:oswapp:warehouse_inventory_system:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
  • 2.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:04 Aug, 2024 | 23:15
Updated At:06 Aug, 2024 | 17:14

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Secondary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

siamonhasan
siamonhasan
>>warehouse_inventory_system>>1.0
cpe:2.3:a:siamonhasan:warehouse_inventory_system:1.0:*:*:*:*:*:*:*
siamonhasan
siamonhasan
>>warehouse_inventory_system>>2.0
cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarycna@vuldb.com
CWE ID: CWE-352
Type: Primary
Source: cna@vuldb.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cadcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.273552cna@vuldb.com
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.273552cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.379590cna@vuldb.com
Third Party Advisory
VDB Entry
Hyperlink: https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.273552
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?id.273552
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.379590
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

4348Records found

CVE-2020-23836
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 46.42%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 16:41
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site.

Action-Not Available
Vendor-oswappn/a
Product-warehouse_inventory_systemn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-7460
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.35% / 27.10%
||
7 Day CHG~0.00%
Published-04 Aug, 2024 | 23:00
Updated-06 Aug, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OSWAPP Warehouse Inventory System change_password.php cross-site request forgery

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273553 was assigned to this vulnerability.

Action-Not Available
Vendor-siamonhasanOSWAPPoswapp
Product-warehouse_inventory_systemWarehouse Inventory Systemwarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42585
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-01 May, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/asiamonhasan
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42586
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.28% / 20.19%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-01 May, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/asiamonhasan
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42581
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/aoswapp
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42582
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/asiamonhasan
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42584
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-25 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/asiamonhasan
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42580
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.21% / 11.13%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/aoswapp
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42576
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-01 May, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/asiamonhasan
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42579
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/asiamonhasan
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42577
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/asiamonhasan
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42583
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/awarehouse_inventory_system
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-42578
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.28% / 20.01%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-01 May, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.

Action-Not Available
Vendor-siamonhasann/aoswapp
Product-warehouse_inventory_systemn/awarehouse_inventory_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44811
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.89% / 54.86%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.

Action-Not Available
Vendor-moosocialn/a
Product-moosocialn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-24373
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 41.17%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 20:00
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

Action-Not Available
Vendor-freen/a
Product-freebox_pop_firmwarefreebox_popfreebox_revolution_firmwarefreebox_revolutionfreebox_onefreebox_delta_firmwarefreebox_one_firmwarefreebox_minifreebox_deltafreebox_mini_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.73% / 49.82%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:02
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.

Action-Not Available
Vendor-tonjoostudion/a
Product-fluid-responsive-slideshown/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.78% / 51.45%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 12:00
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.

Action-Not Available
Vendor-pagelinesn/a
Product-pagelinesn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-8941
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 3.73%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 05:31
Updated-27 May, 2026 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdl_off_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings — including the CDN URL used to rewrite all static asset references on the site — via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-wmark
Product-CDN Linker lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-11055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 26.79%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:59
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwared500cm400n450_cg3000d_firmwaredst6501_firmwareplw1000_firmwarecm400_firmwaren450_cg3000dwnr612_firmwareplw1000jwnr2010cm600_firmwared500_firmwared1500jwnr2000t_firmwarejwnr2000tdst6501d1500_firmwareplw1010cm600jnr1010wnr500wnr500_firmwarewnr612plw1010_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 13.41%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 09:42
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.

Action-Not Available
Vendor-moriyan_jayMoriyan Jay
Product-wp_site_protectorWP Site Protector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20480
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.36% / 27.58%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 14:35
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.

Action-Not Available
Vendor-mielen/a
Product-xgw_3000_zigbee_gatewayxgw_3000_zigbee_gateway_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10946
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.78% / 51.45%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 12:01
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-d3 plugin before 2.4.1 for WordPress has CSRF.

Action-Not Available
Vendor-wp-d3_projectn/a
Product-wp-d3n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20804
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.08% / 61.03%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 21:51
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.

Action-Not Available
Vendor-gilacmsn/a
Product-gila_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1000137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.41%
||
7 Day CHG~0.00%
Published-23 Mar, 2018 | 21:00
Updated-05 Dec, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge.

Action-Not Available
Vendor-scilicon/a
Product-i\,_librariann/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 12.57%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 13:59
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions.

Action-Not Available
Vendor-kvvaradhaKvvaradha
Product-kv_tinymce_editor_add_fontsKv TinyMCE Editor Add Fonts
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1175
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.77% / 50.97%
||
7 Day CHG~0.00%
Published-05 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-sharpn/a
Product-aquos_hn-pp150aquos_hn-pp150_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.73% / 49.82%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:17
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.

Action-Not Available
Vendor-kentothemesn/a
Product-kento-post-view-countern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20841
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 34.23%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 13:17
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 36.48%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 15:06
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr1000_firmwarewnr1000n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20405
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 42.06%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 03:10
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.68% / 47.83%
||
7 Day CHG~0.00%
Published-12 Aug, 2019 | 14:55
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.

Action-Not Available
Vendor-wpseedsn/a
Product-wp_database_backupn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-9719
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 3.33%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 23:28
Updated-08 Jun, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status Action

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the change_status function. This makes it possible for unauthenticated attackers to change the status of arbitrary invoices — including marking unpaid invoices as paid — without administrator consent via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-latepoint
Product-LatePoint – Calendar Booking Plugin for Appointments and Events
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-8902
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 2.48%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 03:41
Updated-09 Jun, 2026 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc_options_page function. This makes it possible for unauthenticated attackers to modify plugin settings including link text and markup, success/failure/already-reported messages, comment threshold, cookie duration, reporter-comment toggle, and notification email address, subject, and message body via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-tierrainnovation
Product-AJAX Report Comments
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-9582
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 5.42%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 20:45
Updated-27 May, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site request forgery

A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-SourceCodester
Product-CET Automated Grading System with AI Predictive Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2026-9236
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 2.81%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 04:28
Updated-27 May, 2026 | 10:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac_campaigns_action function. This makes it possible for unauthenticated attackers to permanently delete arbitrary advertising campaigns, including their associated banner records and uploaded files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-creativemindssolutions
Product-CM Ad Changer – A simple tool to control and optimize your site's banners
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-8904
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 2.48%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 03:41
Updated-09 Jun, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save

The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify the plugin's settings, including toggling the webhook integration and changing the FastPicker and KDZ API URLs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-yuluma
Product-FastPicker, an order picker and order management system (oms) for WooCommerce on steroids
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-8942
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 2.48%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 07:45
Updated-27 May, 2026 | 10:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MetaMagic SEO Plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the metamagic_update_options function. This makes it possible for unauthenticated attackers to modify the plugin's SEO settings, including enabling or disabling the plugin and toggling description and keyword meta tag output via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-lhughes33472
Product-MetaMagic SEO Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-8604
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.6||HIGH
EPSS-0.18% / 7.55%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 17:05
Updated-21 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site request forgery (CSRF) in ScadaBR

In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.

Action-Not Available
Vendor-scadabrScadaBR
Product-scadabrScadaBR
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-21989
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.75% / 50.37%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 17:41
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Action-Not Available
Vendor-homeautomation_projectn/a
Product-homeautomationn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45141
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.27% / 17.88%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 20:48
Updated-16 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF Token Validation Vulnerability in fiber

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This vulnerability has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes.

Action-Not Available
Vendor-gofibergofibergofiber
Product-fiberfiberfiber
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2019-20411
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.65% / 46.66%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 05:30
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerjiraJira Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45060
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 11.01%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:38
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.

Action-Not Available
Vendor-fla-shopFla-shop.com
Product-interactive_world_mapInteractive World Map
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-9486
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 8.50%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 19:30
Updated-26 May, 2026 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grades Management System cross-site request forgery

A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-SourceCodester
Product-Student Grades Management System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2026-9732
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 2.81%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 23:27
Updated-04 Jun, 2026 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the form_settings_ui (settings save handler, procedural include scope) function. This makes it possible for unauthenticated attackers to modify plugin settings including the minimum access role (altering WordPress role capabilities via add_cap/remove_cap), the data-erasure-on-uninstall flag, life-check timing values, the mandator email address, the confirmation page ID, and date/time formats via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-planetshaker
Product-EmergencyWP – Dead Man's switch & legacy deliverance
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-4282
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 19.14%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 18:00
Updated-14 May, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery

A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-stock_management_systemStock Management System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2023-45068
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 11.00%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:44
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form by Supsystic Plugin <= 1.7.27 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.

Action-Not Available
Vendor-supsysticSupsystic
Product-contact_formContact Form by Supsystic
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-9674
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 4.72%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 14:14
Updated-28 May, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds.

Action-Not Available
Vendor-Jenkins
Product-multijobJenkins Multijob Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-57690
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions.

Action-Not Available
Vendor-Fuelthemes
Product-Werkstatt
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-9618
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 3.55%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 06:45
Updated-28 May, 2026 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink

The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce validation on the peachpay_stripe_handle_admin_actions function. This makes it possible for unauthenticated attackers to permanently delete all stored Stripe credentials — including publishable keys, secret keys, webhook secrets, and Apple Pay configuration — from the WordPress database, disabling Stripe payment processing for the store via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-peachpay
Product-PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25778
Matching Score-4
Assigner-Secomea A/S
ShareView Details
Matching Score-4
Assigner-Secomea A/S
CVSS Score-4.2||MEDIUM
EPSS-0.26% / 17.52%
||
7 Day CHG+0.01%
Published-04 May, 2022 | 13:49
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unload handlers may unintentionally defeat CSRF guards

Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session.

Action-Not Available
Vendor-Secomea A/S
Product-gatemanager_9250_firmwaregatemanager_8250gatemanager_8250_firmwaregatemanager_9250gatemanager_4250gatemanager_4260gatemanager_4250_firmwaregatemanager_4260_firmwareGateManager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 86
  • 87
  • Next
Details not found