CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,352 vulnerabilities with CWE-352
CVE-2023-41668 MEDIUM
Leadster < 1.1.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-41667 MEDIUM
Ulf Benjaminsson WP-dTree <4.4.5 - CSRF
CVSS 4.3
CVE-2023-41660 MEDIUM
WPSynchro WP Synchro <= 1.9.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-44993 MEDIUM
QuantumCloud AI ChatBot <= 4.7.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-44473 MEDIUM
Table of Contents Plus < 2302 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-44240 MEDIUM
Peter Butler Timthumb Vulnerability Scanner <= 1.54 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-44246 MEDIUM
Shockingly Simple Favicon <= 1.8.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-44238 MEDIUM
Remove slug from custom post type <= 1.0.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-44237 MEDIUM
WP Site Protector < 2.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-44236 MEDIUM
Devnath verma WP Captcha <= 2.0.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-44260 MEDIUM
Woocommerce ESTO <= 2.23.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-44232 MEDIUM
WP Hide Pages <= 1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-44231 MEDIUM
NickDuncan Contact Form <= 2.0.10 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-3589 MEDIUM
Teamwork Cloud No Magic Release 2021x-2022x - Cross-Site Request Forgery
CVSS 6.8
CVE-2023-45374 MEDIUM
MediaWiki SportsTeams Extension CSRF in Special Pages
CVSS 5.3
CVE-2023-44243 MEDIUM
Dylan Blokhuis Instant CSS <= 1.2.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-44233 MEDIUM
FooPlugins FooGallery <= 2.2.44 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-44146 MEDIUM
Checkfront Online Booking System <3.6 - CSRF
CVSS 4.3
CVE-2023-41950 MEDIUM
Laposta Signup Basic <= 1.4.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-41801 MEDIUM
AWP Classifieds <= 4.3 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-41732 MEDIUM
CodePeople CP Blocks <= 1.0.20 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-41659 MEDIUM
Jules Colle, BDWM Responsive Gallery Grid < 2.3.10 - CSRF
CVSS 5.4
CVE-2023-41654 MEDIUM
Andreas Heigl authLdap <2.5.8 - CSRF
CVSS 5.4
CVE-2023-41650 MEDIUM
Venugopal Remove/hide Author, Date, Category Like Entry-Meta < 2.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-40607 MEDIUM
CLUEVO LMS, E-Learning Platform <= 1.10.0 - Cross-Site Request Forgery
CVSS 4.3
Details
Vulnerabilities 9,352
Exploit Likelihood Medium