CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,354 vulnerabilities with CWE-352
CVE-2023-25482 MEDIUM
WP Tiles <= 1.1.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25475 MEDIUM
Smart YouTube PRO < 4.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25473 MEDIUM
Flickr Justified Gallery <= 3.5 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-37985 MEDIUM
FiveStarPlugins Restaurant Menu and Food Ordering < 2.4.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-37974 MEDIUM
WP Social AutoConnect <= 4.6.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-37968 MEDIUM
Faboba Falang multilanguage for WordPress <= 1.3.39 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-36514 MEDIUM
WooCommerce Shipping Multiple Addresses <3.8.5 - CSRF
CVSS 6.5
CVE-2023-36513 MEDIUM
WooCommerce AutomateWoo <5.7.5 - CSRF
CVSS 5.4
CVE-2023-36511 MEDIUM
WooCommerce Order Barcodes <1.6.4 - CSRF
CVSS 4.3
CVE-2023-34005 MEDIUM
Etoile Web Design Front End Users <= 3.2.24 - CSRF
CVSS 6.5
CVE-2023-3179 HIGH
POST SMTP Mailer WordPress <2.5.7 - CSRF
CVSS 8.8
CVE-2023-35880 MEDIUM
WooCommerce Brands <= 1.6.49 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-35096 MEDIUM
myCred < 2.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-35089 MEDIUM
Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.7 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-35038 MEDIUM
wpexperts WP PDF Generator <= 1.2.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-31216 MEDIUM
Ultimate Member < 2.6.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-27424 MEDIUM
Inactive User Deleter <= 1.59 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-27606 MEDIUM
WP Reroute Email <= 1.4.6 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-23719 MEDIUM
Premmerce < 1.3.17 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-23646 MEDIUM
A WP Life Album Gallery - WordPress Gallery <= 1.4.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22672 MEDIUM
vSlider Multi Image Slider for WordPress <= 4.1.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-38349 HIGH
PNP4Nagios 0.6.26 - Cross-Site Request Forgery via AJAX Controller
CVSS 8.8
CVE-2023-32761 HIGH
Archer < 6.12.0.6 - Authenticated Cross-Site Request Forgery
CVSS 8.1
CVE-2023-37598 MEDIUM
Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via Delete Virtual Fax Function
CVSS 4.5
CVE-2023-37562 HIGH
ELECOM WTC-C1167GC-B and WTC-C1167GC-W < 1.17 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,354
Exploit Likelihood Medium