CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352
CVE-2024-37251 MEDIUM
WPENGINE, INC. Advanced Custom Fields PRO <6.3.2 - CSRF
CVSS 4.3
CVE-2024-12646 HIGH
Chunghwa Telecom topm-client - Path Traversal
CVSS 8.1
CVE-2024-12645 MEDIUM
Chunghwa Telecom topm-client >=0.3.14 <0.3.17 - Unauthenticated Arbitrary File Read via Relative Path Traversal
CVSS 6.5
CVE-2024-12644 HIGH
Chunghwa Telecom tbm-client - CSRF & Path Traversal
CVSS 7.1
CVE-2024-12643 HIGH
Chunghwa Telecom tbm-client - Path Traversal
CVSS 8.1
CVE-2024-12642 HIGH
TenderDocTransfer 0.41.151-0.41.157 - Unauthenticated Arbitrary File Write via CSRF and Path Traversal
CVSS 8.1
CVE-2024-12555 MEDIUM
SIP Calculator <= 1.0 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.1
CVE-2024-54139 HIGH
Combodo iTop <2.7.11, <3.1.2, <3.2.0 - XSS
CVSS 7.9
CVE-2024-54351 HIGH
Tom Landis Fancy Roller Scroller -n/a-1.4.0 - XSS
CVSS 7.1
CVE-2024-54337 HIGH
DevriX DX Dark Site -n/a-1.0.1 - CSRF
CVSS 7.1
CVE-2024-54321 MEDIUM
Hive Support < 1.1.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-54307 MEDIUM
AIcomments < 1.4.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-54306 MEDIUM
KCT AIKCT Engine Chatbot <1.6.2 - CSRF
CVSS 4.3
CVE-2024-54300 MEDIUM
Neuralabz LTD. AutoWP <2.0.8 - CSRF
CVSS 4.3
CVE-2024-54248 HIGH
eewee admin custom <= 1.8.2.4 - Cross-Site Request Forgery to Privilege Escalation
CVSS 8.8
CVE-2024-12414 MEDIUM
Themify Store Locator <= 1.1.9 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2024-12572 MEDIUM
Hello In All Languages plugin <1.0.6 - CSRF
CVSS 6.1
CVE-2024-12526 MEDIUM
Arena.IM - Live Blogging for real-time events < 0.4.1 - Cross-Site Request Forgery via albfre_user_action AJAX Action
CVSS 4.3
CVE-2024-11689 HIGH
HQ Rental Software WordPress <1.5.29 - CSRF
CVSS 8.8
CVE-2024-11419 MEDIUM
Password for WP <= 1.5 - Cross-Site Request Forgery via get3_init_admin_page()
CVSS 6.1
CVE-2024-11417 MEDIUM
WordPress Vernetzungsfunktion <1.97.5 - CSRF
CVSS 6.1
CVE-2024-28141 MEDIUM
Scan2Net < 7.40 - Cross-Site Request Forgery
CVSS 6.3
CVE-2024-12004 MEDIUM
WPC Order Notes for WooCommerce <1.5.2 - CSRF
CVSS 6.1
CVE-2024-55500 HIGH
Avenwu Whistle <= 2.9.90 - Cross-Site Request Forgery
CVSS 8.8
CVE-2024-54226 HIGH
Karl Kiesinger Country Blocker -<3.2 - CSRF
CVSS 7.1