CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,348 vulnerabilities with CWE-352
CVE-2023-22675 MEDIUM
WP Fast Cache < 1.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-53688 MEDIUM
Nagios XI < 5.11.3 - Cross-Site Scripting and Cross-Site Request Forgery via Hypermap Replay
CVSS 5.4
CVE-2023-7297 LOW
TwitterPosts WordPress Plugin <= 1.0.2 - Cross-Site Request Forgery in Settings Update
CVSS 3.5
CVE-2023-7229 MEDIUM
illi Link Party! < 1.0 - Cross-Site Request Forgery in Settings Update
CVSS 5.5
CVE-2023-7197 HIGH
Marketing Twitter Bot < 1.11 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 7.1
CVE-2023-7196 MEDIUM
Ultimate Noindex Nofollow Tool < 1.1.2 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2023-7195 MEDIUM
WP-Reply Notify < 1.1 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2023-7174 HIGH
abitgone_commentsafe < 1.0.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 7.1
CVE-2023-5934 HIGH
Travelpayouts: All Travel Brands in One Place WordPress Plugin < 1.1.13 - Cross-Site Request Forgery via Settings Import
CVSS 7.3
CVE-2023-2334 MEDIUM
edd-google-sheet-connector-pro <1.4/Easy Digital Downloads Google S...
CVSS 5.4
CVE-2023-48790 HIGH
Fortinet FortiNDR <7.4.0, 7.2.1-7.1.1 - CSRF
CVSS 7.5
CVE-2023-38739 MEDIUM
IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 and 6.2.0.0-6.2.0.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-42234 MEDIUM
HelpdeskAdvanced <= 11.0.33 - Cross-Site Request Forgery via WSCView Function
CVSS 5.4
CVE-2023-41686 MEDIUM
ilGhera Woocommerce Support System - CSRF
CVSS 6.5
CVE-2023-28688 MEDIUM
ThemeHunk TH Variation Swatches - CSRF
CVSS 5.4
CVE-2023-23726 MEDIUM
Tickera < 3.5.1.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-0737 MEDIUM
wallabag < 2.5.4 - Cross-Site Request Forgery via Account Delete Endpoint
CVSS 6.5
CVE-2023-26248 MEDIUM
go-libp2p-kad-dht <= 0.20.0 - Content Censorship via Sybil Peer ID Hijacking
CVSS 5.3
CVE-2023-6243 MEDIUM
EventON PRO - WordPress Virtual Event Calendar Plugin <4.6.8 - CSRF
CVSS 4.3
CVE-2023-7273 MEDIUM
Kiteworks OwnCloud < 10.12.2 - Cross-Site Request Forgery via Authorization Header Bypass
CVSS 6.8
CVE-2023-2919 MEDIUM
Tutor LMS < 2.7.5 - Cross-Site Request Forgery via Addon Enable/Disable Function
CVSS 4.3
CVE-2023-3409 MEDIUM
Bricks < 1.8.1 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 5.4
CVE-2023-3408 MEDIUM
Bricks < 1.8.1 - Cross-Site Request Forgery via 'save_settings' Function
CVSS 4.3
CVE-2023-1604 MEDIUM
Short URL <= 1.6.8 - Cross-Site Request Forgery via Configuration Page
CVSS 4.7
CVE-2023-38001 MEDIUM
IBM Aspera Orchestrator 4.0.1 - Cross-Site Request Forgery
CVSS 6.5