CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally made by the user who sent it, so the request could have originated from an unauthorized actor.

9,363 vulnerabilities with CWE-352
CVE-2023-1341 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Unauthenticated Cross-Site Request Forgery via ajax_deactivate Function
CVSS 4.3
CVE-2023-1340 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via clear_uucss_logs Function
CVSS 4.3
CVE-2023-1205 HIGH
NETGEAR Nighthawk WiFi6 Router < 1.0.10.94 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-27490 HIGH
next-auth < 4.20.1 - Authentication Bypass via OAuth CSRF Protection Failure
CVSS 8.1
CVE-2023-23984 MEDIUM
Wow-Company Bubble Menu <= 3.0.1 - CSRF
CVSS 4.3
CVE-2023-23974 MEDIUM
Fullworks Quick Event Manager <= 9.7.4 - CSRF
CVSS 4.3
CVE-2023-23973 MEDIUM
a3rev Software Contact People <= 3.7.0 - CSRF
CVSS 4.3
CVE-2023-27295 MEDIUM
OpenCATS - Cross-Site Request Forgery via Missing CSRF Token
CVSS 5.4
CVE-2023-23983 MEDIUM
wpdevart Responsive Vertical Icon Menu <= 1.5.8 - CSRF
CVSS 5.4
CVE-2023-23865 MEDIUM
Stripe Payments For WooCommerce <= 1.4.10 - CSRF
CVSS 4.3
CVE-2023-24419 HIGH
Strategy11 Form Builder <= 5.5.6 - CSRF
CVSS 7.1
CVE-2023-23992 MEDIUM
AutomatorWP <= 2.5.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-1028 MEDIUM
WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via setIgnore Function
CVSS 4.3
CVE-2023-1068 MEDIUM
Read More Excerpt Link < 1.6.0 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2023-1033 HIGH
froxlor < 2.0.11 - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-1029 MEDIUM
WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via regenerateSitemaps Function
CVSS 4.3
CVE-2023-0999 MEDIUM
Sales Tracker Management System 1.0 - Cross-Site Request Forgery in User List Page
CVSS 4.3
CVE-2023-20011 HIGH
Cisco APIC - Cross-Site Request Forgery
CVSS 8.8
CVE-2023-24415 MEDIUM
QuantumCloud AI ChatBot <4.2.8 - CSRF
CVSS 5.4
CVE-2023-0988 MEDIUM
SourceCodester Online Pizza Ordering System 1.0 - Cross-Site Request Forgery in admin/ajax.php
CVSS 4.3
CVE-2023-24384 MEDIUM
WpDevArt Organization chart <= 1.4.4 - CSRF
CVSS 4.3
CVE-2023-23659 MEDIUM
MainWP Matomo Extension <= 4.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2023-25569 MEDIUM
Apollo < 2.1.0 - Cross-Site Request Forgery via Role Assignment
CVSS 5.7
CVE-2023-24388 MEDIUM
WpDevArt Booking calendar <3.2.3 - CSRF
CVSS 4.3
CVE-2023-23899 MEDIUM
HasThemes Extensions For CF7 <2.0.8 - CSRF
CVSS 4.3
Details
Vulnerabilities: 9,363
Exploit Likelihood: Medium