Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cms Tag: csrf Clear
ID Title
CVE-2026-13040 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13040)
cross-site scripting in wordpress (CVE-2026-13040). Risk of unauthorized operations or information disclosure.
CVE-2026-9676 Vulnerability in wordpress (CVE-2026-9676)
vulnerability in wordpress (CVE-2026-9676). Risk of unauthorized operations or information disclosure.
CVE-2026-6292 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6292)
vulnerability in wordpress (CVE-2026-6292). Risk of unauthorized operations or information disclosure.
CVE-2026-7859 Vulnerability in wordpress (CVE-2026-7859)
vulnerability in wordpress (CVE-2026-7859). Risk of unauthorized operations or information disclosure.
CVE-2026-10034 Vulnerability in wordpress (CVE-2026-10034)
vulnerability in wordpress (CVE-2026-10034). Risk of unauthorized operations or information disclosure.
CVE-2026-22342 Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
CVE-2016-20083 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2016-20083)
vulnerability in wordpress (CVE-2016-20083). Risk of unauthorized operations or information disclosure.
CVE-2026-11603 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11603)
cross-site scripting in wordpress (CVE-2026-11603). Risk of unauthorized operations or information disclosure.
CVE-2026-10553 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-10553)
vulnerability in wordpress (CVE-2026-10553). Risk of unauthorized operations or information disclosure.
CVE-2026-6455 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
CVE-2026-7533 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7533)
vulnerability in wordpress (CVE-2026-7533). Risk of unauthorized operations or information disclosure. Exploitable via ``admin_init``.
CVE-2026-35220 Cross-Site Request Forgery (CSRF) in joomla (CVE-2026-35220)
vulnerability in joomla (CVE-2026-35220). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.1` or later.
CVE-2026-8174 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8174)
vulnerability in wordpress (CVE-2026-8174). Data can be tampered with by attackers.
CVE-2026-6405 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
CVE-2026-4094 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
CVE-2017-1000224 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-1000224)
vulnerability in wordpress (CVE-2017-1000224). Data can be tampered with by attackers.
CVE-2015-5533 SQL Injection in wordpress (CVE-2015-5533)
SQL injection in wordpress (CVE-2015-5533). Successful exploitation can lead to full system takeover.
CVE-2017-15808 In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2017-15734 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVE-2017-15733 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-15733)
vulnerability in csrf (CVE-2017-15733). Successful exploitation can lead to full system takeover.
CVE-2017-15732 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
CVE-2017-15731 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVE-2017-15730 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVE-2017-15729 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
CVE-2017-15735 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVE-2015-9233 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2015-9233)
vulnerability in wordpress (CVE-2015-9233). Successful exploitation can lead to full system takeover.
CVE-2015-4089 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2015-4089)
vulnerability in wordpress (CVE-2015-4089). Successful exploitation can lead to full system takeover.
CVE-2017-14530 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-14530)
vulnerability in wordpress (CVE-2017-14530). Successful exploitation can lead to full system takeover.
CVE-2015-4697 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2015-4697)
vulnerability in wordpress (CVE-2015-4697). Successful exploitation can lead to full system takeover.
CVE-2017-12949 SQL Injection in wordpress (CVE-2017-12949)
SQL injection in wordpress (CVE-2017-12949). Successful exploitation can lead to full system takeover.
CVE-2017-12651 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-12651)
vulnerability in wordpress (CVE-2017-12651). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
CVE-2017-9934 Cross-Site Scripting (XSS) in csrf (CVE-2017-9934)
cross-site scripting in csrf (CVE-2017-9934). Risk of unauthorized operations or information disclosure.
CVE-2016-4904 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2016-4904)
vulnerability in wordpress (CVE-2016-4904). Successful exploitation can lead to full system takeover.
CVE-2017-9064 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-9064)
vulnerability in wordpress (CVE-2017-9064). Successful exploitation can lead to full system takeover.
CVE-2017-8875 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-8875)
vulnerability in wordpress (CVE-2017-8875). Data can be tampered with by attackers.
CVE-2017-8100 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-8100)
vulnerability in wordpress (CVE-2017-8100). Data can be tampered with by attackers.
CVE-2017-8099 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-8099)
vulnerability in wordpress (CVE-2017-8099). Data can be tampered with by attackers.
CVE-2017-6379 Cross-Site Request Forgery (CSRF) in drupal (CVE-2017-6379)
vulnerability in drupal (CVE-2017-6379). Successful exploitation can lead to full system takeover.
CVE-2017-6819 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-6819)
vulnerability in wordpress (CVE-2017-6819). Risk of unauthorized operations or information disclosure.
CVE-2016-6897 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2016-6897)
vulnerability in wordpress (CVE-2016-6897). Confidential information can be exposed externally.
CVE-2017-5492 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-5492)
vulnerability in wordpress (CVE-2017-5492). Successful exploitation can lead to full system takeover.
CVE-2017-5489 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2017-5489)
vulnerability in wordpress (CVE-2017-5489). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →