CWE-352

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via ‘mode=settings&page=editor’, as demonstrated by use of ‘mode=settings&page=editor’ to change any file content (Locally/Remotely).

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).

An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)