CWE-352— Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in digitalzoomstudio Admin debug wordpress – enable debug dzs-enable-debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through <= 1…

Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget tock-widget allows Cross Site Request Forgery.This issue affects Tock Widget: from n/a through <= 1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Stored XSS.This issue affects Virtual Bot: from n/a through <= 1.0.0.

Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Affiliate Disclosure Statement affiliate-disclosure-statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Statement: from n/a through <= 0.3.

Cross-Site Request Forgery (CSRF) vulnerability in njshofe Smoothness Slider Shortcode smoothness-slider-shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through <= v1.2.2.

Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through <= 1.4.2.

Cross-Site Request Forgery (CSRF) vulnerability in cdowp News Publisher Autopilot wpm-news-api allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through <= 2.1.4.

Cross-Site Request Forgery (CSRF) vulnerability in tubepress TubePress.NET tubepressnet allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through <= 4.0.1.

Cross-Site Request Forgery (CSRF) vulnerability in kbowson Title Experiments Free wp-experiments-free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through <= 9.0.4.

Cross-Site Request Forgery (CSRF) vulnerability in faaiq Pretty Url pretty-url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through <= 1.5.5.

Cross-Site Request Forgery (CSRF) vulnerability in instabot Instabot instabot allows Cross Site Request Forgery.This issue affects Instabot: from n/a through <= 1.10.

Cross-Site Request Forgery (CSRF) vulnerability in Scott Nelle Uptime Robot uptime-robot allows Stored XSS.This issue affects Uptime Robot: from n/a through <= 0.1.3.

Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet quote-tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through <= 0.7.

Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere prayer-times-anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through <= 2.0.1.

Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – A…

Cross-Site Request Forgery (CSRF) vulnerability in verkkovaraani Print PDF Generator and Publisher nopeamedia allows Cross Site Request Forgery.This issue affects Print PDF Generator and Publisher: from n/a through <= 1.2.0.

Cross-Site Request Forgery (CSRF) vulnerability in Listings for Appfolio Listings for Appfolio listings-for-appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through <= 1.2.0.

Cross-Site Request Forgery (CSRF) vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Cross Site Request Forgery.This issue affects Awesome Event Booking: from n/a through <= 2.7.5.

Cross-Site Request Forgery (CSRF) vulnerability in CheGevara29 Tags to Keywords tags-to-meta-keywords allows Stored XSS.This issue affects Tags to Keywords: from n/a through <= 1.0.1.

Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars unlimited-page-sidebars allows Stored XSS.This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6.

Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through <= 1.4.6.

Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder forge allows Stored XSS.This issue affects Forge – Front-End Page Builder: from n/a through <= 1.4.6.

Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS.This issue affects Disqus Popular Posts: from n/a through <= 2.1.1.

Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce build-private-store-for-woocommerce allows Cross Site Request Forgery.This issue affects Build Private Store For Woocommerce: from n/a …

Cross-Site Request Forgery (CSRF) vulnerability in JinHan Park Rocket Media Library Mime Type rocket-media-library-mime-type allows Stored XSS.This issue affects Rocket Media Library Mime Type: from n/a through <= 2.1.0.

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through <= 1.0.5.

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme zephyr-modern-admin-theme allows Cross Site Request Forgery.This issue affects Zephyr Admin Theme: from n/a through <= 1.4.1.

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it pos…

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies a…

Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cros…

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file cont…

The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. T…

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website.

Cross-Site Request Forgery (CSRF) vulnerability in bnovotny Marquee Style RSS News Ticker marquee-style-rss-news-ticker allows Cross Site Request Forgery.This issue affects Marquee Style RSS News Ticker: from n/a through <= 3.2.0.

Cross-Site Request Forgery (CSRF) vulnerability in Binesh Dobhal go Social go-social allows Stored XSS.This issue affects go Social: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager mass-custom-fields-manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through <= 1.5.

Cross-Site Request Forgery (CSRF) vulnerability in marcucci Password Protect Plugin for WordPress password-protect-plugin-for-wordpress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through <= 0.8.1.0.

Cross-Site Request Forgery (CSRF) vulnerability in capa Wp-Scribd-List wp-scribd-list allows Stored XSS.This issue affects Wp-Scribd-List: from n/a through <= 1.2.

Cross-Site Request Forgery (CSRF) vulnerability in mschertel Shockingly Big IE6 Warning shockingly-big-ie6-warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through <= 1.6.3.

Cross-Site Request Forgery (CSRF) vulnerability in scottswezey Easy Tynt easy-tynt allows Cross Site Request Forgery.This issue affects Easy Tynt: from n/a through <= 0.2.5.1.

Cross-Site Request Forgery (CSRF) vulnerability in KokoenDE WP SpaceContent wp-spacecontent allows Stored XSS.This issue affects WP SpaceContent: from n/a through <= 0.4.5.

Cross-Site Request Forgery (CSRF) vulnerability in Master Software Solutions WP VTiger Synchronization msstiger allows Stored XSS.This issue affects WP VTiger Synchronization: from n/a through <= 1.1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Oddthinking EmailShroud emailshroud allows Reflected XSS.This issue affects EmailShroud: from n/a through <= 2.2.1.

Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post md-custom-content allows Stored XSS.This issue affects MD Custom content after or before of post: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in vimal.ghorecha RSS News Scroller rss-news-scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through <= 2.0.0.

Cross-Site Request Forgery (CSRF) vulnerability in xavsio4 Visit Site Link enhanced visit-site-link-enhanced allows Stored XSS.This issue affects Visit Site Link enhanced: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Add to Cart Button ect-add-to-cart-button allows Stored XSS.This issue affects ECT Add to Cart Button: from n/a through <= 1.4.

Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts my-related-posts allows Stored XSS.This issue affects my-related-posts: from n/a through <= 1.1.

Cross-Site Request Forgery (CSRF) vulnerability in hoyce Universal Analytics Injector universal-analytics-injector allows Stored XSS.This issue affects Universal Analytics Injector: from n/a through <= 1.0.3.