Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-3211

Summary
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
Published At-25 Mar, 2026 | 15:21
Updated At-26 Mar, 2026 | 14:36
Rejected At-
Credits

Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:drupal
Assigner Org ID:2c85b837-eb8b-40ed-9d74-228c62987387
Published At:25 Mar, 2026 | 15:21
Updated At:26 Mar, 2026 | 14:36
Rejected At:
▼CVE Numbering Authority (CNA)
Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
Theme Negotiation by Rules
Collection URL
https://www.drupal.org/project/theme_rule
Repo
https://git.drupalcode.org/project/theme_rule
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 1.2.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-62CAPEC-62 Cross Site Request Forgery
CAPEC ID: CAPEC-62
Description: CAPEC-62 Cross Site Request Forgery
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Juraj Nemec (poker10)
remediation developer
Zoltan Attila Horvath (huzooka)
remediation developer
Juraj Nemec (poker10)
coordinator
Damien McKenna (damienmckenna)
coordinator
Greg Knaddison (greggles)
coordinator
Juraj Nemec (poker10)
coordinator
Jess (xjm)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2026-012
N/A
Hyperlink: https://www.drupal.org/sa-contrib-2026-012
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mlhess@drupal.org
Published At:25 Mar, 2026 | 16:16
Updated At:31 Mar, 2026 | 19:23

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
webikon
webikon
>>theme_negotiation_by_rules>>Versions before 1.2.1(exclusive)
cpe:2.3:a:webikon:theme_negotiation_by_rules:*:*:*:*:*:drupal:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondarymlhess@drupal.org
CWE ID: CWE-352
Type: Secondary
Source: mlhess@drupal.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.drupal.org/sa-contrib-2026-012mlhess@drupal.org
Vendor Advisory
Hyperlink: https://www.drupal.org/sa-contrib-2026-012
Source: mlhess@drupal.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2448Records found
CVE-2025-3907
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.88%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 17:08
Updated-02 Sep, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9.

Action-Not Available
Vendor-drunkenmonkeyThe Drupal Association
Product-search_api_solrSearch API Solr
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-10930
Matching Score-10
Assigner-Drupal.org
ShareView Details
Matching Score-10
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.00%
||
7 Day CHG~0.00%
Published-29 Oct, 2025 | 23:13
Updated-12 Dec, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.

Action-Not Available
Vendor-2bitsThe Drupal Association
Product-currencyCurrency
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13288
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.39%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 20:14
Updated-02 Sep, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.

Action-Not Available
Vendor-monster_menus_projectThe Drupal Association
Product-monster_menusMonster Menus
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-8362
Matching Score-8
Assigner-Drupal.org
ShareView Details
Matching Score-8
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.82%
||
7 Day CHG+0.12%
Published-15 Aug, 2025 | 16:27
Updated-21 Aug, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0.

Action-Not Available
Vendor-googletag_manager_projectThe Drupal Association
Product-googletag_managerGoogleTag Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47701
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:01
Updated-20 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.

Action-Not Available
Vendor-The Drupal Association
Product-Restrict route by IP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31677
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.34% / 57.25%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:37
Updated-04 Jun, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003

Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.

Action-Not Available
Vendor-artificial_intelligence_projectThe Drupal Association
Product-artificial_intelligenceAI (Artificial Intelligence)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-3131
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 17:47
Updated-22 Apr, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031

Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*.

Action-Not Available
Vendor-The Drupal Association
Product-eca\ECA: Event - Condition - Action
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31690
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.68%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:49
Updated-02 Sep, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1.

Action-Not Available
Vendor-cache_utility_projectThe Drupal Association
Product-cache_utilityCache Utility
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31683
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.33% / 56.21%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:41
Updated-02 Jun, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8.

Action-Not Available
Vendor-google_tag_projectThe Drupal Association
Product-google_tagGoogle Tag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31689
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.1||HIGH
EPSS-0.43% / 62.83%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:45
Updated-02 Sep, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018

Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2.

Action-Not Available
Vendor-general_data_protection_regulation_projectThe Drupal Association
Product-general_data_protection_regulationGeneral Data Protection Regulation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31688
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 53.87%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:45
Updated-28 Aug, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configuration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2.

Action-Not Available
Vendor-nuvoleThe Drupal Association
Product-configuration_splitConfiguration Split
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31684
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 53.87%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:43
Updated-28 Aug, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013

Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.This issue affects OAuth2 Client: from 0.0.0 before 4.1.3.

Action-Not Available
Vendor-mskccThe Drupal Association
Product-oauth2_clientOAuth2 Client
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-13982
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.1||HIGH
EPSS-0.03% / 9.05%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 20:01
Updated-19 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Login Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3.

Action-Not Available
Vendor-innoraftThe Drupal Association
Product-login_time_restrictionLogin Time Restriction
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-14472
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.1||HIGH
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 20:03
Updated-06 Feb, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

Action-Not Available
Vendor-acquiaThe Drupal Association
Product-acquia_content_hubAcquia Content Hub
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-6379
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.00%
||
7 Day CHG~0.00%
Published-16 Mar, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.

Action-Not Available
Vendor-The Drupal Association
Product-drupalDrupal Core
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-48921
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.38%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 13:32
Updated-09 Jul, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.

Action-Not Available
Vendor-getopensocialThe Drupal Association
Product-open_socialOpen Social
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47708
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.81%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:03
Updated-10 Jun, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

Action-Not Available
Vendor-miniorangeThe Drupal Association
Product-miniorange_2faEnterprise MFA - TFA for Drupal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-4393
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 6.27%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 20:10
Updated-01 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2.

Action-Not Available
Vendor-ajkThe Drupal Association
Product-automated_logoutAutomated Logout
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31680
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 58.43%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 21:39
Updated-02 Jun, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0.

Action-Not Available
Vendor-matomo_analytics_projectThe Drupal Association
Product-matomo_analyticsMatomo Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13293
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-3.1||LOW
EPSS-0.17% / 38.16%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 20:17
Updated-02 Sep, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059

Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.

Action-Not Available
Vendor-post_file_projectThe Drupal Association
Product-post_filePOST File
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13304
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-4.5||MEDIUM
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 20:25
Updated-28 Aug, 2025 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3.

Action-Not Available
Vendor-matthiasmullieThe Drupal Association
Product-minify_jsMinify JS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13244
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.42% / 62.56%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 18:50
Updated-04 Jun, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3.

Action-Not Available
Vendor-migrate_tools_projectThe Drupal Association
Product-migrate_toolsMigrate Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13261
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-3.5||LOW
EPSS-0.07% / 22.22%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 19:14
Updated-27 Aug, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3.

Action-Not Available
Vendor-acquiaThe Drupal Association
Product-damAcquia DAM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13250
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.42% / 62.56%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 18:57
Updated-04 Jun, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6.

Action-Not Available
Vendor-drupal_symfony_mailer_lite_projectThe Drupal Association
Product-drupal_symfony_mailer_liteDrupal Symfony Mailer Lite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13284
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 19:36
Updated-02 Sep, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5.

Action-Not Available
Vendor-drupalgutenbergThe Drupal Association
Product-gutenbergGutenberg
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13260
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.42% / 62.56%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 19:12
Updated-04 Jun, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1.

Action-Not Available
Vendor-migrate_queue_importer_projectThe Drupal Association
Product-migrate_queue_importerMigrate queue importer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-13663
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:07
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

Action-Not Available
Vendor-The Drupal Association
Product-drupalDrupal Core
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-13674
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.12%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 15:45
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

Action-Not Available
Vendor-The Drupal Association
Product-drupalCore
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-13673
Matching Score-6
Assigner-Drupal.org
ShareView Details
Matching Score-6
Assigner-Drupal.org
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.33%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 15:35
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting.

Action-Not Available
Vendor-The Drupal Association
Product-entity_embedEntity Embed
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-49968
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget oganro-reservation-widget allows Cross Site Request Forgery.This issue affects XML Travel Portal Widget: from n/a through <= 2.0.

Action-Not Available
Vendor-Oganro
Product-XML Travel Portal Widget
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49965
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine pixelbeds-channel-manager-booking-engine allows Cross Site Request Forgery.This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through <= 1.0.

Action-Not Available
Vendor-Oganro
Product-PixelBeds Channel Manager and Hotel Booking Engine
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49967
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Live Sports Streamthunder plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder live-sports-streamthunder allows Cross Site Request Forgery.This issue affects Live Sports Streamthunder: from n/a through <= 2.1.

Action-Not Available
Vendor-marcusjansen
Product-Live Sports Streamthunder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-51530
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.34%
||
7 Day CHG~0.00%
Published-29 Feb, 2024 | 04:49
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GS Logo Slider Plugin <= 3.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1.

Action-Not Available
Vendor-GS Plugins
Product-Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49975
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.4.0.

Action-Not Available
Vendor-Hossni Mubarak
Product-JobWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49865
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery.This issue affects Advanced Settings: from n/a through <= 3.0.1.

Action-Not Available
Vendor-Helmut Wandl
Product-Advanced Settings
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49856
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Cross Site Request Forgery.This issue affects Responsive Plus: from n/a through <= 3.2.2.

Action-Not Available
Vendor-CyberChimps Inc.
Product-Responsive Plus
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-50179
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 15:48
Updated-21 Aug, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1749830289 and Tuleap Enterprise Edition 16.9-1 contain a patch for the issue.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49972
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-12 May, 2026 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TM Replace Howdy plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy tm-replace-howdy allows Cross Site Request Forgery.This issue affects TM Replace Howdy: from n/a through <= 1.4.2.

Action-Not Available
Vendor-David Wood
Product-TM Replace Howdy
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-47702
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.72%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 20:35
Updated-07 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.

Action-Not Available
Vendor-openbmcsOPEN BMCS
Product-openbmcsOpenBMCS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49449
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive Regional Map of Africa plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa interactive-map-of-africa allows Cross Site Request Forgery.This issue affects Interactive Regional Map of Africa: from n/a through <= 1.0.

Action-Not Available
Vendor-WP Map Plugins
Product-Interactive Regional Map of Africa
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-47860
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.14% / 33.48%
||
7 Day CHG~0.00%
Published-21 Jan, 2026 | 17:29
Updated-07 Apr, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.

Action-Not Available
Vendor-get-simpleGetSimple CMS
Product-getsimplecmsCustom JS Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49269
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Market Exporter plugin <= 2.0.22 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter market-exporter allows Cross Site Request Forgery.This issue affects Market Exporter: from n/a through <= 2.0.22.

Action-Not Available
Vendor-Anton Vanyukov
Product-Market Exporter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49286
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Table Builder plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Cross Site Request Forgery.This issue affects WP Table Builder: from n/a through <= 2.0.6.

Action-Not Available
Vendor-WP Table Builder
Product-WP Table Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49284
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Maintenance Mode & Site Under Construction plugin <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction wp-maintenance-mode-site-under-construction allows Cross Site Request Forgery.This issue affects WP Maintenance Mode & Site Under Construction: from n/a through <= 4.3.

Action-Not Available
Vendor-wp-buy
Product-WP Maintenance Mode & Site Under Construction
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49040
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 03:24
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup Bolt plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through <= 1.5.0.

Action-Not Available
Vendor-Backup Bolt
Product-Backup Bolt
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-52060
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.36%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 00:00
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request.

Action-Not Available
Vendor-gestsupn/a
Product-gestsupn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49435
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Easy Allopass plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass wordpress-easy-allopass allows Cross Site Request Forgery.This issue affects Wp Easy Allopass: from n/a through <= 4.1.1.

Action-Not Available
Vendor-Hasina77
Product-Wp Easy Allopass
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin Notes plugin <=1.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes admin-note allows Cross Site Request Forgery.This issue affects Admin Notes: from n/a through <= 1.1.

Action-Not Available
Vendor-minhlaobao
Product-Admin Notes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Time Slots Booking Form plugin <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Cross Site Request Forgery.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.30.

Action-Not Available
Vendor-CodePeople
Product-WP Time Slots Booking Form
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Tools plugin <= 5.24 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Cross Site Request Forgery.This issue affects WP Tools: from n/a through <= 5.24.

Action-Not Available
Vendor-sminozzi
Product-WP Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 48
  • 49
  • Next
Details not found