CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,355 vulnerabilities with CWE-352
CVE-2023-22693 MEDIUM
WP Google Tag Manager <= 1.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25976 MEDIUM
CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25971 MEDIUM
FixBD Educare < 1.4.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-24007 MEDIUM
TheOnlineHero - Tom Skroza Admin Block Country <7.1.4 - CSRF
CVSS 4.3
CVE-2023-23714 MEDIUM
Uncanny Toolkit for LearnDash <= 3.6.4.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-30484 MEDIUM
uPress Enable Accessibility <= 1.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25474 MEDIUM
About Me 3000 Widget < 2.2.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-26014 MEDIUM
Minify HTML <= 2.1.7 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-26011 MEDIUM
Read More Excerpt Link <= 1.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-33359 MEDIUM
Piwigo 13.6.0 - Cross-Site Request Forgery in Add Tags Function
CVSS 4.3
CVE-2023-25056 MEDIUM
Feed Them Social <= 3.0.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-23713 MEDIUM
Theme Tweaker <= 5.20 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-23705 MEDIUM
WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25707 MEDIUM
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery
CVSS 6.3
CVE-2023-25481 MEDIUM
Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25472 MEDIUM
Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-23724 MEDIUM
WP Email Capture <= 3.9.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-23706 MEDIUM
miniOrange WordPress Social Login and Register <= 7.5.14 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-27387 HIGH
Tandd Tr-71w Firmware - CSRF
CVSS 8.8
CVE-2023-31708 MEDIUM
EyouCMS 1.6.2 - Cross-Site Request Forgery via Upload Software Format Function
CVSS 4.3
CVE-2023-2505 HIGH
birddog a300_firmware mini_firmware 4k_quad_firmware studio_r3_firmware - Cross-Site Request Forgery
CVSS 7.7
CVE-2023-25448 MEDIUM
Archivist - Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25447 MEDIUM
ColorWay <= 4.2.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-23797 MEDIUM
SecondLineThemes Auto YouTube Importer <= 1.0.3 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-23813 MEDIUM
My Calendar <= 3.4.3 - Cross-Site Request Forgery
CVSS 5.4