CWE-352
Cross-Site Request Forgery (CSRF)
Medium likelihood
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could instead have originated from an unauthorized actor.
9,357 vulnerabilities with CWE-352
CVE-2023-20130
MEDIUM
Cisco Prime Infrastructure/EPNM - XSS/CSRF
CVSS 6.5
CVE-2023-1871
MEDIUM
YourChannel WordPress <1.2.3 - CSRF
CVSS 5.4
CVE-2023-1870
MEDIUM
YourChannel WordPress <1.2.3 - CSRF
CVSS 4.3
CVE-2023-1867
MEDIUM
YourChannel WordPress <1.2.3 - CSRF
CVSS 5.4
CVE-2023-1866
MEDIUM
YourChannel WordPress <1.2.3 - CSRF
CVSS 5.4
CVE-2023-0480
HIGH
VitalPBX 3.2.3-8 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2023-29003
HIGH
SvelteKit < 1.15.1 - CSRF Protection Bypass via Content-Type Header
CVSS 8.8
CVE-2023-28848
MEDIUM
Nextcloud user_oidc 1.0.0-1.3.0 - Cross-Site Request Forgery via State Token Bypass
CVSS 4.8
CVE-2023-1330
MEDIUM
Redirection < 1.1.4 - Cross-Site Request Forgery via Redirect Addition
CVSS 6.5
CVE-2023-0820
HIGH
User Role by BestWebSoft < 1.6.7 - Cross-Site Request Forgery in Role Capability Update
CVSS 8.8
CVE-2023-28676
HIGH
Jenkins Convert To Pipeline Plugin <1.0 - CSRF
CVSS 8.8
CVE-2023-28674
HIGH
Jenkins OctoPerf Load Testing Plugin <4.5.2 - CSRF
CVSS 8.8
CVE-2023-28671
MEDIUM
Jenkins OctoPerf Load Testing Plugin <4.5.0 - CSRF
CVSS 4.3
CVE-2023-23861
MEDIUM
German Mesky GMAce <= 1.5.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-1509
HIGH
GMAce <= 1.5.2 - Cross-Site Request Forgery via wp_ajax_gmace_manager AJAX Action
CVSS 8.8
CVE-2023-28718
HIGH
Osprey Pump Controller <1.01 - CSRF
CVSS 7.1
CVE-2023-1089
MEDIUM
Coupon Zen WordPress Plugin < 1.0.6 - Cross-Site Request Forgery via Plugin Activation
CVSS 4.3
CVE-2023-0498
MEDIUM
WP Education < 1.2.7 - Cross-Site Request Forgery via Plugin Activation
CVSS 4.3
CVE-2023-0497
MEDIUM
HT Portfolio < 1.1.6 - Cross-Site Request Forgery via Plugin Activation
CVSS 4.3
CVE-2023-0336
MEDIUM
OoohBoi Steroids for Elementor < 2.1.5 - Unauthenticated Attachment Deletion via CSRF and Broken Access Control
CVSS 6.5
CVE-2023-0335
MEDIUM
WP Shamsi < 4.3.3 - Missing Authorization and CSRF via Attachment Deletion
CVSS 6.5
CVE-2023-28335
HIGH
moodle 4.1.0-4.1.2 - Cross-Site Request Forgery via Database Activity Template Reset Link
CVSS 8.8
CVE-2023-20113
MEDIUM
Cisco SD-WAN vManage Software - CSRF
CVSS 6.5
CVE-2023-0870
HIGH
OpenNMS Horizon < 31.0.6 and Meridian 2020.1.0-2020.1.33 - Cross-Site Request Forgery
CVSS 8.1
CVE-2023-23721
MEDIUM
Admin Log <= 1.50 - Cross-Site Request Forgery
CVSS 4.3
Details
Vulnerabilities: 9,357
Exploit Likelihood: Medium