CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,357 vulnerabilities with CWE-352
CVE-2023-23797 MEDIUM
SecondLineThemes Auto YouTube Importer <= 1.0.3 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-23813 MEDIUM
My Calendar <= 3.4.3 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-23712 MEDIUM
User Meta Manager <= 3.4.9 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-23680 MEDIUM
WP-TopBar < 5.36 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-22714 MEDIUM
Supsystic Coming Soon by Supsystic <= 1.7.10 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22709 MEDIUM
SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22692 MEDIUM
Name Directory < 1.27.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22688 MEDIUM
Abdul Ibad WP Tabs Slides <= 2.0.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-32589 MEDIUM
PingOnline Dyslexiefont Free <= 1.0.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-24414 MEDIUM
RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.11 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-23890 HIGH
LJ Apps WP Airbnb Review Slider <3.2 - CSRF
CVSS 7.1
CVE-2023-22689 MEDIUM
Auto Affiliate Links <= 6.3 - Cross-Site Request Forgery
CVSS 4.6
CVE-2023-2736 HIGH
Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery via ajax_edit_contact Function
CVSS 7.5
CVE-2023-2717 MEDIUM
Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 5.4
CVE-2023-27430 MEDIUM
Ramon Fincken Mass Delete Unused Tags <= 2.0.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-27423 MEDIUM
Ramon Fincken Auto Prune Posts <= 1.8.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25698 MEDIUM
Studio Wombat Shoppable Images <= 1.2.3 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-2608 LOW
Multiple Page Generator Plugin <3.3.17 - CSRF leading to SQL Injection
CVSS 3.1
CVE-2023-2528 MEDIUM
Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX Action Handler
CVSS 5.4
CVE-2023-2631 MEDIUM
Jenkins Code Dx Plugin <3.1.0 - SSRF
CVSS 4.3
CVE-2023-2195 MEDIUM
Jenkins Code Dx Plugin <3.1.0 - CSRF
CVSS 4.3
CVE-2023-33006 MEDIUM
Jenkins WSO2 Oauth Plugin < 1.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-33003 MEDIUM
Jenkins Tag Profiler Plugin < 0.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-32998 HIGH
Jenkins AppSpider Plugin <= 1.0.15 - Cross-Site Request Forgery via HTTP POST Request
CVSS 8.8
CVE-2023-32995 HIGH
Jenkins SAML Single Sign On Plugin < 2.0.0 - Cross-Site Request Forgery via Email API
CVSS 8.8