Vulnerabilities (CVE)

Filtered by CWE-352
Total 7663 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3538 1 Webmaster Tools Verification Project 1 Webmaster Tools Verification 2025-04-30 N/A 6.5 MEDIUM
The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins
CVE-2025-46249 1 Migaweb 1 Simple Calendar For Elementor 2025-04-30 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.4.
CVE-2025-46251 1 E4jconnect 1 Vikrestaurants Table Reservations And Take-away 2025-04-30 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3.
CVE-2022-43693 1 Concretecms 1 Concrete Cms 2025-04-30 N/A 8.8 HIGH
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
CVE-2025-27189 1 Adobe 1 Commerce B2b 2025-04-30 N/A 4.3 MEDIUM
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website.
CVE-2022-42246 1 Duofoxtechnologies 1 Duofox Cms 2025-04-29 N/A 8.8 HIGH
Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account.
CVE-2020-23582 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2025-04-29 N/A 6.5 MEDIUM
A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
CVE-2025-46241 1 Codepeople 1 Appointment Booking Calendar 2025-04-29 N/A 8.2 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. This issue affects Appointment Booking Calendar: from n/a through 1.3.92.
CVE-2025-46243 1 Sktthemes 1 Recover Abandoned Cart For Woocommerce 2025-04-29 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows Cross Site Request Forgery. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.2.
CVE-2025-46245 1 Cminds 1 Cm Ad Changer 2025-04-29 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Ad Changer allows Cross Site Request Forgery. This issue affects CM Ad Changer: from n/a through 2.0.5.
CVE-2025-46246 1 Cminds 1 Cm Answers 2025-04-29 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM Answers allows Cross Site Request Forgery. This issue affects CM Answers: from n/a through 3.3.3.
CVE-2025-31690 2025-04-29 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1.
CVE-2025-31689 2025-04-29 N/A 8.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2.
CVE-2025-31688 2025-04-29 N/A 6.8 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2.
CVE-2025-31684 2025-04-29 N/A 6.8 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.This issue affects OAuth2 Client: from 0.0.0 before 4.1.3.
CVE-2021-29334 1 Jizhicms 1 Jizhicms 2025-04-29 N/A 8.8 HIGH
An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html
CVE-2020-23593 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2025-04-29 N/A 6.5 MEDIUM
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port.
CVE-2020-23592 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2025-04-29 N/A 8.8 HIGH
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials.
CVE-2020-23590 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2025-04-29 N/A 6.5 MEDIUM
A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp".
CVE-2020-23589 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2025-04-29 N/A 6.5 MEDIUM
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through " /mgm_dev_reboot.asp."