Search Vulnerabilities

OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints

Hackage CSRF vulnerability

Cross-Site Request Forgery (CSRF) in GitLab

WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

DX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings Update

Google PageRank Display <= 1.4 - Cross-Site Request Forgery to Settings Update via Settings Page

Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update

Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update

mCatFilter <= 0.5.2 - Cross-Site Request Forgery via compute_post() Function

Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action

Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action

TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update

WP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' Parameter

WWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators

AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion

WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials

goshs: CSRF in state-changing GET routes enables authenticated file deletion and directory creation

FreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFable