CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,357 vulnerabilities with CWE-352
CVE-2023-20130 MEDIUM
Cisco Prime Infrastructure/EPNM - XSS/CSRF
CVSS 6.5
CVE-2023-1871 MEDIUM
YourChannel WordPress <1.2.3 - CSRF
CVSS 5.4
CVE-2023-1870 MEDIUM
YourChannel WordPress <1.2.3 - CSRF
CVSS 4.3
CVE-2023-1867 MEDIUM
YourChannel WordPress <1.2.3 - CSRF
CVSS 5.4
CVE-2023-1866 MEDIUM
YourChannel WordPress <1.2.3 - CSRF
CVSS 5.4
CVE-2023-0480 HIGH
VitalPBX 3.2.3-8 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2023-29003 HIGH
SvelteKit < 1.15.1 - CSRF Protection Bypass via Content-Type Header
CVSS 8.8
CVE-2023-28848 MEDIUM
Nextcloud user_oidc 1.0.0-1.3.0 - Cross-Site Request Forgery via State Token Bypass
CVSS 4.8
CVE-2023-1330 MEDIUM
Redirection < 1.1.4 - Cross-Site Request Forgery via Redirect Addition
CVSS 6.5
CVE-2023-0820 HIGH
User Role by BestWebSoft < 1.6.7 - Cross-Site Request Forgery in Role Capability Update
CVSS 8.8
CVE-2023-28676 HIGH
Jenkins Convert To Pipeline Plugin <1.0 - CSRF
CVSS 8.8
CVE-2023-28674 HIGH
Jenkins OctoPerf Load Testing Plugin <4.5.2 - CSRF
CVSS 8.8
CVE-2023-28671 MEDIUM
Jenkins OctoPerf Load Testing Plugin <4.5.0 - CSRF
CVSS 4.3
CVE-2023-23861 MEDIUM
German Mesky GMAce <= 1.5.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-1509 HIGH
GMAce <= 1.5.2 - Cross-Site Request Forgery via wp_ajax_gmace_manager AJAX Action
CVSS 8.8
CVE-2023-28718 HIGH
Osprey Pump Controller <1.01 - CSRF
CVSS 7.1
CVE-2023-1089 MEDIUM
Coupon Zen WordPress Plugin < 1.0.6 - Cross-Site Request Forgery via Plugin Activation
CVSS 4.3
CVE-2023-0498 MEDIUM
WP Education < 1.2.7 - Cross-Site Request Forgery via Plugin Activation
CVSS 4.3
CVE-2023-0497 MEDIUM
HT Portfolio < 1.1.6 - Cross-Site Request Forgery via Plugin Activation
CVSS 4.3
CVE-2023-0336 MEDIUM
OoohBoi Steroids for Elementor < 2.1.5 - Unauthenticated Attachment Deletion via CSRF and Broken Access Control
CVSS 6.5
CVE-2023-0335 MEDIUM
WP Shamsi < 4.3.3 - Missing Authorization and CSRF via Attachment Deletion
CVSS 6.5
CVE-2023-28335 HIGH
moodle 4.1.0-4.1.2 - Cross-Site Request Forgery via Database Activity Template Reset Link
CVSS 8.8
CVE-2023-20113 MEDIUM
Cisco SD-WAN vManage Software - CSRF
CVSS 6.5
CVE-2023-0870 HIGH
OpenNMS Horizon < 31.0.6 and Meridian 2020.1.0-2020.1.33 - Cross-Site Request Forgery
CVSS 8.1
CVE-2023-23721 MEDIUM
Admin Log <= 1.50 - Cross-Site Request Forgery
CVSS 4.3