CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,350 vulnerabilities with CWE-352
CVE-2023-48755 MEDIUM
teachPress < 9.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-47806 MEDIUM
Saint Systems Disable User Login < 1.3.7 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-47789 MEDIUM
WooCommerce Canada Post Shipping Method < 2.8.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-47787 MEDIUM
WooCommerce Bookings <= 2.0.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-33214 MEDIUM
Tagbox - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-49853 MEDIUM
PayTR Taksit Tablosu - WooCommerce < 1.3.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-49844 MEDIUM
WPPerformanceTester < 2.0.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-49843 MEDIUM
First Order Discount Woocommerce < 1.21 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-49840 MEDIUM
Multi Currency For WooCommerce < 1.5.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-50372 MEDIUM
Custom Post Type Page Template < 1.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-49855 MEDIUM
Menu Bar Cart Icon For WooCommerce By Binary Carpenter < 1.49.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-49854 MEDIUM
Caddy - Smart Side Cart for WooCommerce <= 1.9.7 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-6904 MEDIUM
Jahastech NxFilter 4.3.2.5 - Cross-Site Request Forgery via admin_name Parameter
CVSS 4.3
CVE-2023-49834 MEDIUM
FOX - Currency Switcher Professional for WooCommerce < 1.4.1.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-49824 MEDIUM
PixelYourSite Product Catalog Feed < 2.1.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-49816 MEDIUM
Fix My Feed RSS Repair < 1.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-49775 MEDIUM
Denis Kobozev CSV Importer < 0.3.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-49769 MEDIUM
SoftLab Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-49751 MEDIUM
Block for Font Awesome < 1.4.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-24380 MEDIUM
Simple Wp Sitemap < 1.2.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-50722 CRITICAL
XWiki Platform 2.3-14.10.4 - Unauthenticated Remote Code Execution via Configurable Admin Section URL Parameter
CVSS 9.6
CVE-2023-49749 MEDIUM
SureTriggers < 1.0.23 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-49744 MEDIUM
Gift Up Gift Cards for WordPress and WooCommerce <= 2.21.3 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-49197 MEDIUM
DoFollow Case by Case < 3.4.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-50870 MEDIUM
JetBrains TeamCity < 2023.11.1 - Cross-Site Request Forgery on Login
CVSS 4.3