Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,348 vulnerabilities with CWE-352

CVE-2024-24843 HIGH

PowerPack Pro for Elementor <2.10.8 - CSRF

CVE-2024-1501 MEDIUM

Database Reset <= 3.22 - Cross-Site Request Forgery via install_wpr() Function

CVE-2024-25982 MEDIUM

moodle 4.1.0-4.1.8 and 4.3.0-4.3.2 - Cross-Site Request Forgery via Language Pack Update Link

CVE-2024-20986 MEDIUM

Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Cross-Site Request Forgery

CVE-2024-20933 MEDIUM

Oracle Installed Base 12.2.3-12.2.13 - Unauthenticated Cross-Site Request Forgery in Engineering Change Order

CVE-2024-20718 MEDIUM

Adobe Commerce <2.4.6-p3-2.4.4-p6 - CSRF

CVE-2024-23785 MEDIUM

Sharp JH-RVB1 and JH-RV11 Firmware < b0.1.9.1 - Unauthenticated Cross-Site Request Forgery

CVE-2024-21381 MEDIUM

Microsoft Azure Active Directory B2C - Spoofing

CVE-2024-25914 MEDIUM

Photoboxone SMTP Mail <= 1.3.20 - Cross-Site Request Forgery

CVE-2024-24935 MEDIUM

WpSimpleTools Basic Log Viewer <1.0.5 - CSRF

CVE-2024-24929 MEDIUM

WP Contact Form < 1.6 - Cross-Site Request Forgery

CVE-2024-24887 MEDIUM

Photos and Files Contest Gallery - CSRF

CVE-2024-24884 MEDIUM

ARI Soft Contact Form 7 Connector - CSRF

CVE-2024-24875 MEDIUM

Link Library < 7.5.13 - Cross-Site Request Forgery

CVE-2024-25419 HIGH

flusity-CMS 2.33 - Cross-Site Request Forgery via /core/tools/update_menu.php

CVE-2024-25418 HIGH

flusity v2.33 - Cross-Site Request Forgery via /core/tools/delete_menu.php

CVE-2024-25417 HIGH

flusity-CMS 2.33 - Cross-Site Request Forgery via /core/tools/add_translation.php

CVE-2024-23319 LOW

Mattermost Jira Plugin < 1.1.2-0.20230830170046-f4cf4c6de017 - Cross-Site Request Forgery via Crafted Message

CVE-2024-24819 MEDIUM

icingaweb2-module-incubator < 0.22.0 - Cross-Site Request Forgery via Missing CSRF Token Validation

CVE-2024-24820 HIGH

Icinga 1.0.0-1.8.2 - Cross-Site Request Forgery in Configuration Forms

CVE-2024-0511 MEDIUM

Royal Elementor Addons and Templates <1.3.87 - CSRF

CVE-2024-24706 MEDIUM

Forum One WP-CFM <= 1.7.8 - Cross-Site Request Forgery

CVE-2024-20255 HIGH

Cisco Expressway < 15.0 - Unauthenticated Cross-Site Request Forgery via SOAP API

CVE-2024-20254 CRITICAL

Cisco Expressway < 15.0 - Cross-Site Request Forgery

CVE-2024-20252 CRITICAL

Cisco Expressway < 15.0 - Unauthenticated Cross-Site Request Forgery

Previous Page 145 of 374 Next

Details

Vulnerabilities 9,348

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy