CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,348 vulnerabilities with CWE-352
CVE-2024-1339 MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery via Reinitialize Function
CVSS 4.3
CVE-2024-1338 MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery via stopOptimizeAll Function
CVSS 4.3
CVE-2024-1336 MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery via optimizeAllOn Function
CVSS 4.3
CVE-2024-1335 MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery via disableOptimization Function
CVSS 4.3
CVE-2024-1334 MEDIUM
ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery via enableOptimization Function
CVSS 4.3
CVE-2024-0590 MEDIUM
Microsoft Clarity plugin <0.9.3 - CSRF
CVSS 6.1
CVE-2024-0516 MEDIUM
Royal Elementor Addons & Templates <1.3.87 - Info Disclosure
CVSS 5.3
CVE-2024-0515 MEDIUM
Royal Elementor Addons and Templates <1.3.87 - CSRF
CVSS 4.3
CVE-2024-0514 MEDIUM
Royal Elementor Addons and Templates <1.3.87 - CSRF
CVSS 4.3
CVE-2024-0513 MEDIUM
Royal Elementor Addons and Templates <1.3.87 - CSRF
CVSS 4.3
CVE-2024-0512 MEDIUM
Royal Elementor Addons and Templates <1.3.87 - CSRF
CVSS 4.3
CVE-2024-0379 MEDIUM
Custom Twitter Feeds < 2.2.1 - Cross-Site Request Forgery via ctf_auto_save_tokens Function
CVSS 4.3
CVE-2024-23910 HIGH
ELECOM Wireless LAN Routers and Repeaters - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2024-26450 MEDIUM
Piwigo < 14.2.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2024-27948 MEDIUM
bytesforall Atahualpa < 3.7.24 - Cross-Site Request Forgery
CVSS 5.4
CVE-2024-21749 MEDIUM
1 click disable all < 1.0.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2024-24705 MEDIUM
Octa Code Accessibility <1.0.6 - CSRF
CVSS 5.4
CVE-2024-24702 MEDIUM
Page Restrict <2.5.5 - CSRF
CVSS 4.3
CVE-2024-1719 MEDIUM
Contact Form 7 - PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery via wpecpp_stripe_connect_completion
CVSS 4.3
CVE-2024-1954 MEDIUM
Oliver POS - A WooCommerce Point of Sale (POS) <= 2.4.1.8 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.3
CVE-2024-0768 MEDIUM
Elementor Templates & Widgets - CSRF
CVSS 4.3
CVE-2024-0767 MEDIUM
Elementor Templates & Widgets - CSRF
CVSS 4.3
CVE-2024-0433 MEDIUM
Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery via ajax_unset_default_card
CVSS 4.3
CVE-2024-0432 MEDIUM
Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery via ajax_delete_card Function
CVSS 4.3
CVE-2024-0431 MEDIUM
Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery via ajax_set_default_card Function
CVSS 4.3