CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,357 vulnerabilities with CWE-352
CVE-2023-22678 MEDIUM
Superior FAQ <= 1.0.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-22681 MEDIUM
Aarvanshinfotech Online Exam Software: eExamhall < 4.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-1472 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via AJAX Actions
CVSS 6.3
CVE-2023-25968 MEDIUM
Client Portal - Private user pages and login <= 1.1.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25709 MEDIUM
Plainware Locatoraid Store Locator <= 3.9.11 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-25708 MEDIUM
Rextheme WP VR - 360 Panorama and Virtual Tour Builder For WordPress <= 8.2.7 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-27234 MEDIUM
jizhicms 2.4.5 - Cross-Site Request Forgery in /Sys/index.html
CVSS 6.5
CVE-2023-24920 MEDIUM
Microsoft Dynamics 365 (on-premises) - XSS
CVSS 5.4
CVE-2023-27073 MEDIUM
Online Food Ordering System v1.0 - CSRF
CVSS 6.5
CVE-2023-25170 MEDIUM
PrestaShop < 8.0.1 - Cross-Site Request Forgery via Session Fixation
CVSS 5.0
CVE-2023-25973 MEDIUM
Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-23711 MEDIUM
A2 Hosting A2 Optimized WP <= 3.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-22700 MEDIUM
PixelYourSite - Your smart PIXEL (TAG) Manager <= 9.3.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25991 MEDIUM
RegistrationMagic < 5.1.9.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2023-1346 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via Clear Page Cache Function
CVSS 4.3
CVE-2023-1345 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via queue_posts Function
CVSS 4.3
CVE-2023-1344 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Unauthenticated Cross-Site Request Forgery via uucss_update_rule Function
CVSS 4.3
CVE-2023-1343 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via attach_rule Function
CVSS 4.3
CVE-2023-1342 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via ucss_connect Function
CVSS 4.3
CVE-2023-1341 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Unauthenticated Cross-Site Request Forgery via ajax_deactivate Function
CVSS 4.3
CVE-2023-1340 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via clear_uucss_logs Function
CVSS 4.3
CVE-2023-1205 HIGH
NETGEAR Nighthawk WiFi6 Router < 1.0.10.94 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-27490 HIGH
next-auth < 4.20.1 - Authentication Bypass via OAuth CSRF Protection Failure
CVSS 8.1
CVE-2023-23984 MEDIUM
Wow-Company Bubble Menu <= 3.0.1 - CSRF
CVSS 4.3
CVE-2023-23974 MEDIUM
Fullworks Quick Event Manager <= 9.7.4 - CSRF
CVSS 4.3