CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,348 vulnerabilities with CWE-352
CVE-2024-32107 MEDIUM
XLPlugins Finale Lite < 2.18.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-32106 MEDIUM
WP Compress - All-In-One <6.10.35 - CSRF
CVSS 4.3
CVE-2024-31936 MEDIUM
UsersWP < 1.2.6 - Cross-Site Request Forgery
CVSS 5.4
CVE-2024-31935 MEDIUM
BracketSpace Simple Post Notes <1.7.6 - CSRF
CVSS 4.3
CVE-2024-31934 MEDIUM
Link Whisper Free < 0.6.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-31932 MEDIUM
Blocksy Companion <= 2.0.28 - Cross-Site Request Forgery
CVSS 5.4
CVE-2024-31285 HIGH
Tooltip WordPress Tooltips <9.5.3 - CSRF
CVSS 7.1
CVE-2024-32112 MEDIUM
Leadinfo <= 1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-25572 HIGH
Ninja Forms < 3.4.31 - Cross-Site Request Forgery
CVSS 8.8
CVE-2024-2741 HIGH
Planet IGS-4215-16T2S - Firmware v1.305b210528 - CSRF
CVSS 7.1
CVE-2024-29019 HIGH
ESPHome 2023.12.9-2024.3.0 - Cross-Site Request Forgery in Dashboard API Endpoints
CVSS 8.1
CVE-2024-27967 MEDIUM
DSGVO All in one for WP < 4.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-31988 CRITICAL
XWiki Platform <4.10.19, 15.5.4, 15.10-rc-1 - RCE
CVSS 9.6
CVE-2024-31986 CRITICAL
XWiki Platform <4.10.19-15.10-rc-1 - RCE
CVSS 9.0
CVE-2024-31985 MEDIUM
XWiki Platform <4.10.20-15.10-rc-1 - Info Disclosure
CVSS 5.4
CVE-2024-31939 MEDIUM
Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-31430 MEDIUM
WOLF and BEAR WordPress Bulk Editor Plugins - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-31386 MEDIUM
WordPress Themes - Cross-Site Request Forgery
CVSS 4.3
CVE-2024-31944 MEDIUM
Octolize WooCommerce UPS Shipping - CSRF
CVSS 4.3
CVE-2024-31943 MEDIUM
Octolize USPS Shipping <1.9.2 - CSRF
CVSS 4.3
CVE-2024-31299 HIGH
ReDi Restaurant Reservation <24.0128 - CSRF/XSS
CVSS 7.1
CVE-2024-2196 HIGH
aim - Cross-Site Request Forgery via Missing CSRF and CORS Protection
CVSS 8.8
CVE-2024-23734 MEDIUM
savignano S/Notify < 2.0.1 - Cross-Site Request Forgery via User Profile Upload
CVSS 5.2
CVE-2024-27474 HIGH
Leantime 3.0.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2024-31924 MEDIUM
EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery
CVSS 4.3