CWE-352

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack

Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay’s Better Font Awesome plugin <= 2.0.1 at WordPress.

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza’s Captcha Code plugin <= 2.7 at WordPress.

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.