CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,355 vulnerabilities with CWE-352
CVE-2023-30607 MEDIUM
icinga_web_jira_integration 1.3.0-1.3.2 - Cross-Site Request Forgery in Template and Field Configuration Forms
CVSS 5.0
CVE-2023-31999 HIGH
fastify/oauth2 < 7.2.0 - Cross-Site Request Forgery via Static State Parameter
CVSS 8.8
CVE-2023-36162 HIGH
ZZCMS v.2023 and earlier - Cross-Site Request Forgery via adminlist.php Add Function
CVSS 8.8
CVE-2023-3407 MEDIUM
Subscribe2 < 10.40 - Cross-Site Request Forgery via Test Email Nonce Bypass
CVSS 4.3
CVE-2023-3427 MEDIUM
Salon Booking System < 8.4.6 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 5.4
CVE-2023-34839 MEDIUM
Issabel PBX 4.0.0-6 - Cross-Site Request Forgery via New User Creation
CVSS 6.8
CVE-2023-3411 MEDIUM
Image Map Pro Lite <= 1.0.0 - Cross-Site Request Forgery via ajax_store_save()
CVSS 6.1
CVE-2023-1722 CRITICAL
Yoga Class Registration System < 1.0 - Command Injection
CVSS 9.1
CVE-2023-34028 MEDIUM
Pluginus Wolf - WordPress Posts Bulk Editor And Manager Professional < 1.0.7 - CSRF
CVSS 4.3
CVE-2023-34927 MEDIUM
Casdoor < 1.331.0 - Cross-Site Request Forgery via Password Reset Endpoint
CVSS 6.5
CVE-2023-32960 HIGH
UpdraftPlus WordPress Backup Plugin <= 1.23.3 - Cross-Site Request Forgery Leading to Sitewide Cross-Site Scripting
CVSS 7.1
CVE-2023-35917 MEDIUM
WooCommerce PayPal Payments < 2.0.4 - CSRF
CVSS 4.3
CVE-2023-23795 HIGH
Muneeb Form Builder <= 1.9.9.0 - Cross-Site Request Forgery Leading to Post/Page Deletion
CVSS 7.1
CVE-2023-2533 HIGH KEV
PaperCut NG/MF < 20.1.8 - Cross-Site Request Forgery
CVSS 8.4
CVE-2023-34373 MEDIUM
Zephyr Project Manager <= 3.3.93 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-30759 HIGH
Ricoh Printer Driver Packager NX 1.0.02-1.1.25 - Unauthenticated Arbitrary Code Execution via Modified Driver Package
CVSS 7.8
CVE-2023-27634 HIGH
Intrepidity < 1.5.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-25055 MEDIUM
Google XML Sitemap for Videos <= 2.6.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25450 MEDIUM
GiveWP - Donation Plugin and Fundraising Platform <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush
CVSS 5.4
CVE-2023-23802 MEDIUM
HasThemes HT Easy GA4 (Google Analytics 4) <= 1.0.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25449 MEDIUM
cformsII <= 15.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-35030 HIGH
Liferay DXP 7.4.3.70-7.4.3.76 - Cross-Site Request Forgery via SEO Configuration BackURL Parameter
CVSS 8.8
CVE-2023-35148 MEDIUM
Jenkins Digital.ai App Management Publisher < 2.6 - Cross-Site Request Forgery
CVSS 6.5
CVE-2023-35141 HIGH
Jenkins < 2.400 - Cross-Site Request Forgery via Context Menu URL
CVSS 8.0
CVE-2023-3203 MEDIUM
MStore API < 3.9.6 - Cross-Site Request Forgery via mstore_update_limit_product Function
CVSS 4.3