CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could instead have originated from an unauthorized actor.

9,354 vulnerabilities with CWE-352
CVE-2023-37964 HIGH
Jenkins ElasticBox CI Plugin < 5.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-37962 HIGH
Jenkins Benchmark Evaluator Plugin < 1.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-37961 HIGH
Jenkins Assembla Auth Plugin < 1.14 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-37958 HIGH
Jenkins Sumologic Publisher Plugin < 2.2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-37957 HIGH
Jenkins Pipeline restFul API Plugin < 0.11 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-37955 MEDIUM
Jenkins Test Results Aggregator < 1.2.13 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-37954 MEDIUM
Jenkins Rebuilder < 320.v5a_0933a_e7d61 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-37952 MEDIUM
Jenkins mabl Plugin < 0.0.46 - Cross-Site Request Forgery via Credential Capture
CVSS 6.5
CVE-2023-3202 MEDIUM
MStore API < 3.9.6 - Cross-Site Request Forgery via mstore_update_firebase_server_key Function
CVSS 4.3
CVE-2023-3199 MEDIUM
MStore API - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-3011 MEDIUM
ARMember < 4.0.5 - Cross-Site Request Forgery via arm_check_user_cap Function
CVSS 6.5
CVE-2023-2517 MEDIUM
Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via Permalink Setup Function
CVSS 5.4
CVE-2023-3627 HIGH
GitHub salesagility/suitecrm-core <8.3.1 - CSRF
CVSS 8.8
CVE-2023-37597 HIGH
Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via User Grouplist Deletion
CVSS 8.1
CVE-2023-37596 HIGH
Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via Delete User Function
CVSS 8.1
CVE-2023-2746 CRITICAL
Rockwell Automation Enhanced HIM - Cross-Site Request Forgery via Insecure CORS Settings
CVSS 9.6
CVE-2023-36690 HIGH
VibeThemes WPLMS < 4.900 - Cross-Site Request Forgery
CVSS 8.1
CVE-2023-36522 MEDIUM
Quiz Expert - Easy Quiz Maker, Exam and Test Manager < 1.5.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-35773 MEDIUM
Template Debugger <= 3.1.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-35091 MEDIUM
Stock Manager for WooCommerce <= 2.10.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-35044 MEDIUM
Securimage-WP < 3.6.16 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-34029 MEDIUM
Disable Wordpress Update Notifications And Auto-update Email Notifications < 2.3.3 - CSRF
CVSS 4.3
CVE-2023-32104 MEDIUM
MyCurator Content Curation < 3.74 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25706 MEDIUM
Pagup WordPress Robots.Txt optimization <= 1.4.5 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25443 MEDIUM
Wow-Company Button Generator <= 2.3.5 - Cross-Site Request Forgery
CVSS 4.3