CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,354 vulnerabilities with CWE-352
CVE-2023-4865 MEDIUM
SourceCodester Take-Note App 1.0 - CSRF
CVSS 4.3
CVE-2023-40953 HIGH
idreamsoft icms 7.0.16 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-41946 LOW
Jenkins Frugal Testing Plugin <= 1.1 - Cross-Site Request Forgery
CVSS 3.5
CVE-2023-41942 MEDIUM
Jenkins AWS CodeCommit Trigger Plugin < 3.0.12 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-41938 MEDIUM
Jenkins Ivy Plugin < 2.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-4059 MEDIUM
Profile Builder < 3.9.8 - Unauthenticated Missing Authorization and CSRF in Page Creation Function
CVSS 4.3
CVE-2023-39372 HIGH
StarTrinity Softswitch 2023-02-16 - Cross-Site Request Forgery
CVSS 8.1
CVE-2023-31174 HIGH
SEL-5037 SEL Grid Configurator <4.5.0.20 - CSRF
CVSS 7.4
CVE-2023-4161 MEDIUM
WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via SaveCustomField Function
CVSS 4.3
CVE-2023-4000 MEDIUM
WordPress One-click countdowns <0.6.2 - CSRF
CVSS 6.3
CVE-2023-3764 MEDIUM
WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save Function
CVSS 4.3
CVE-2023-2352 MEDIUM
CHP Ads Block Detector <3.9.4 - CSRF
CVSS 4.3
CVE-2023-2279 MEDIUM
WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery via admin_page_display Function
CVSS 5.4
CVE-2023-3356 MEDIUM
Subscribers Text Counter WP <1.7.1 - CSRF/XSS
CVSS 4.3
CVE-2023-23473 MEDIUM
IBM InfoSphere Information Server 11.7.0.0-11.7.1.0, 11.7.0.0-11.7.1.4 - Cross-Site Request Forgery
CVSS 5.3
CVE-2023-40572 CRITICAL
XWiki < 14.10.9 - Cross-Site Request Forgery via Create Action
CVSS 9.0
CVE-2023-4301 MEDIUM
Jenkins Fortify Plugin <22.1.38 - CSRF
CVSS 4.2
CVE-2023-39061 LOW
Chamilo 1.11-1.11.20 - Authenticated Cross-Site Request Forgery via Admin Account Forum Posts
CVSS 3.5
CVE-2023-4455 MEDIUM
wallabag < 2.6.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-4454 MEDIUM
wallabag < 2.6.3 - Cross-Site Request Forgery
CVSS 5.7
CVE-2023-40172 MEDIUM
fobybus social-media-skeleton < 1.0.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-31218 HIGH
Pluginus Wolf - WordPress Posts Bulk Editor And Products Manager Professional < 1.0.7 - CSRF
CVSS 7.1
CVE-2023-20221 MEDIUM
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-40351 MEDIUM
Jenkins Favorite View Plugin < 5.v77a_37f62782d - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-40341 HIGH
Jenkins Blue Ocean < 1.27.5 - Cross-Site Request Forgery
CVSS 8.8