Loading...
Loading...
8,720 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions.
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.
A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another meth…
Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change.
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Execution plugin <= 1.0.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.
Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0.
Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion.
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.
Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete.
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions.
Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions.
Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm.
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible f…
The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing …
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.5. This…
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions.
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for …
Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1.
Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions.
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions…
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions.
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another meth…
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another m…
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through an…
A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the Fa…
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →