CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,355 vulnerabilities with CWE-352
CVE-2023-2079 HIGH
Buy Me a Coffee - Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 7.1
CVE-2023-37277 CRITICAL
XWiki 1.8-14.10.8 - Cross-Site Request Forgery via REST API
CVSS 9.6
CVE-2023-3579 MEDIUM
HadSky 7.11.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-37392 MEDIUM
WP Dummy Content Generator <= 2.3.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-36691 MEDIUM
Albert Peschar WebwinkelKeur <= 3.24 - CSRF
CVSS 5.4
CVE-2023-35912 MEDIUM
WP Zone Potent Donations for WooCommerce <= 1.1.9 - CSRF
CVSS 4.3
CVE-2023-28995 MEDIUM
Keith Solomon Configurable Tag Cloud (CTC) <= 5.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-28989 MEDIUM
Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-28986 MEDIUM
Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25478 MEDIUM
Weather Station < 3.8.12 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-24405 MEDIUM
Scott Paterson Contact Form 7 - PayPal & Stripe Add-on <1.9.3 - CSRF
CVSS 5.4
CVE-2023-24395 MEDIUM
Scott Paterson Contact Form 7 Redirect & Thank You Page <1.0.3 - CSRF
CVSS 5.4
CVE-2023-23993 MEDIUM
LionScripts.Com LionScripts: IP Blocker Lite <11.1.1 - CSRF
CVSS 5.4
CVE-2023-23897 MEDIUM
Ozette Plugins Simple Mobile URL Redirect <1.7.2 - CSRF
CVSS 4.3
CVE-2023-23869 MEDIUM
Amit Agarwal Google XML Sitemap for Mobile <= 1.6.1 - CSRF
CVSS 4.3
CVE-2023-23804 MEDIUM
HasThemes HT Feed <= 1.2.7 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-23787 MEDIUM
Premmerce Redirect Manager <= 1.0.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22695 MEDIUM
Custom Field Template <= 2.5.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22694 MEDIUM
BigContact Contact Page <= 1.5.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22673 MEDIUM
MageNet Website Monetization by MageNet <= 1.0.29.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-20180 MEDIUM
Cisco Webex Meetings - Unauthenticated Cross-Site Request Forgery
CVSS 4.3
CVE-2023-36256 MEDIUM
Online Examination System Project 1.0 - CSRF
CVSS 6.5
CVE-2023-25201 HIGH
MultiTech Conduit AP MTCAP2-L4E1-868-042A v6.0.0 - Cross-Site Request Forgery via Script Upload
CVSS 8.8
CVE-2023-35120 HIGH
PiiGAB M-Bus 900s Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-37131 MEDIUM
YznCMS 1.1.0 - Cross-Site Request Forgery in Admin Profile Update
CVSS 6.5