CWE-352
Cross-Site Request Forgery (CSRF)
Medium likelihood
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.
9,355 vulnerabilities with CWE-352
CVE-2023-30607
MEDIUM
icinga_web_jira_integration 1.3.0-1.3.2 - Cross-Site Request Forgery in Template and Field Configuration Forms
CVSS 5.0
CVE-2023-31999
HIGH
fastify/oauth2 < 7.2.0 - Cross-Site Request Forgery via Static State Parameter
CVSS 8.8
CVE-2023-36162
HIGH
ZZCMS v.2023 and earlier - Cross-Site Request Forgery via adminlist.php Add Function
CVSS 8.8
CVE-2023-3407
MEDIUM
Subscribe2 < 10.40 - Cross-Site Request Forgery via Test Email Nonce Bypass
CVSS 4.3
CVE-2023-3427
MEDIUM
Salon Booking System < 8.4.6 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 5.4
CVE-2023-34839
MEDIUM
Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via New User Creation
CVSS 6.8
CVE-2023-3411
MEDIUM
Image Map Pro Lite <= 1.0.0 - Cross-Site Request Forgery via ajax_store_save()
CVSS 6.1
CVE-2023-1722
CRITICAL
Yoga Class Registration System <1.0 - Command Injection
CVSS 9.1
CVE-2023-34028
MEDIUM
Pluginus Wolf - Wordpress Posts Bulk Editor And Manager Professional < 1.0.7 - CSRF
CVSS 4.3
CVE-2023-34927
MEDIUM
Casdoor < 1.331.0 - Cross-Site Request Forgery via Password Reset Endpoint
CVSS 6.5
CVE-2023-32960
HIGH
UpdraftPlus WordPress Backup Plugin <= 1.23.3 - Cross-Site Request Forgery Leading to Sitewide Cross-Site Scripting
CVSS 7.1
CVE-2023-35917
MEDIUM
WooCommerce PayPal Payments <2.0.4 - CSRF
CVSS 4.3
CVE-2023-23795
HIGH
Muneeb Form Builder <= 1.9.9.0 - Cross-Site Request Forgery Leading to Post/Page Deletion
CVSS 7.1
CVE-2023-2533
HIGH
KEV
PaperCut NG/MF < 20.1.8 - Cross-Site Request Forgery
CVSS 8.4
CVE-2023-34373
MEDIUM
Zephyr Project Manager <= 3.3.93 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-30759
HIGH
Ricoh Printer Driver Packager NX 1.0.02-1.1.25 - Unauthenticated Arbitrary Code Execution via Modified Driver Package
CVSS 7.8
CVE-2023-27634
HIGH
Intrepidity < 1.5.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-25055
MEDIUM
Google XML Sitemap for Videos <= 2.6.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25450
MEDIUM
GiveWP - Donation Plugin and Fundraising Platform <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush
CVSS 5.4
CVE-2023-23802
MEDIUM
HasThemes HT Easy GA4 (Google Analytics 4) <= 1.0.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25449
MEDIUM
cformsII <= 15.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-35030
HIGH
Liferay DXP 7.4.3.70-7.4.3.76 - Cross-Site Request Forgery via SEO Configuration BackURL Parameter
CVSS 8.8
CVE-2023-35148
MEDIUM
Jenkins Digital.ai App Management Publisher < 2.6 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-35141
HIGH
Jenkins < 2.400 - Cross-Site Request Forgery via Context Menu URL
CVSS 8.0
CVE-2023-3203
MEDIUM
MStore API < 3.9.6 - Cross-Site Request Forgery via mstore_update_limit_product Function
CVSS 4.3