CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,355 vulnerabilities with CWE-352
CVE-2023-3201 MEDIUM
MStore API < 3.9.6 - Cross-Site Request Forgery via mstore_update_new_order_title Function
CVSS 4.3
CVE-2023-3200 MEDIUM
MStore API < 3.9.6 - Cross-Site Request Forgery via mstore_update_new_order_message Function
CVSS 4.3
CVE-2023-3198 MEDIUM
MStore API < 3.9.6 - Cross-Site Request Forgery via mstore_update_status_order_message
CVSS 4.3
CVE-2023-30901 MEDIUM
Siemens Q200 Firmware < 2.70 - CSRF
CVSS 4.3
CVE-2023-2563 MEDIUM
Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action
CVSS 4.3
CVE-2023-2277 MEDIUM
WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.1
CVE-2023-2286 MEDIUM
WP Activity Log < 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup Function
CVSS 4.3
CVE-2023-2285 MEDIUM
WP Activity Log Premium <= 4.5.0 - Cross-Site Request Forgery via ajax_switch_db Function
CVSS 4.3
CVE-2023-2896 MEDIUM
WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product Function
CVSS 4.3
CVE-2023-2895 MEDIUM
WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via Bulk Product Activation
CVSS 4.3
CVE-2023-2894 MEDIUM
WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via Bulk Deactivate Product Function
CVSS 4.3
CVE-2023-2893 MEDIUM
WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product Function
CVSS 4.3
CVE-2023-2892 MEDIUM
WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via Bulk Delete Product Function
CVSS 6.5
CVE-2023-2891 MEDIUM
WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product Function
CVSS 6.5
CVE-2023-2599 LOW
Active Directory Integration / LDAP Integration < 4.1.4 - CSRF leading to Time-Based SQL Injection
CVSS 3.1
CVE-2023-2526 MEDIUM
Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX Action Handler
CVSS 5.4
CVE-2023-2087 MEDIUM
Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2023-2067 MEDIUM
Announcement & Notification Banner - Bulletin < 3.7.0 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.3
CVE-2023-1807 MEDIUM
Elementor Addons, Widgets and Enhancements - Stax < 1.4.3 - CSRF
CVSS 4.3
CVE-2023-0832 MEDIUM
Under Construction < 3.96 - Cross-Site Request Forgery via admin_action_install_weglot
CVSS 4.3
CVE-2023-0831 MEDIUM
Under Construction < 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice
CVSS 4.3
CVE-2023-0729 MEDIUM
Wicked Folders < 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order Function
CVSS 5.4
CVE-2023-0292 MEDIUM
Quiz And Survey Master < 8.0.8 - CSRF
CVSS 5.4
CVE-2023-31200 MEDIUM
PTC Vuforia Studio < 9.9 - Cross-Site Request Forgery
CVSS 5.7
CVE-2023-33409 MEDIUM
minical 1.0.0 - Cross-Site Request Forgery via Company Settings Controller
CVSS 6.5