CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2021-47730 HIGH
Selea Targa IP OCR-ANPR Camera - CSRF
CVSS 8.8
CVE-2021-47723 HIGH
STVS ProVision 5.9.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-47702 MEDIUM
OpenBMCS 2.4 - Cross-Site Request Forgery via sendFeedback.php Endpoint
CVSS 4.3
CVE-2021-27704 MEDIUM
Appspace 6.2.4 - Incorrect Access Control via Password Reset Page
CVSS 6.5
CVE-2021-27701 MEDIUM
SOCIFI Socifi Guest wifi - Cross-Site Request Forgery via Socifi wifi portal
CVSS 4.7
CVE-2021-45785 MEDIUM
TruDesk Help Desk/Ticketing Solution v1.1.11 - CSRF
CVSS 6.5
CVE-2021-28656 MEDIUM
Apache Zeppelin < 0.9.0 - Cross-Site Request Forgery in Credential Page
CVSS 5.4
CVE-2021-29050 HIGH
Liferay Portal < 7.3.6 and DXP 7.2 < 7.2.10.fp11 - Cross-Site Request Forgery in Terms of Use Page
CVSS 8.8
CVE-2021-25117 MEDIUM
WP-PostRatings < 1.86.1 - Info Disclosure
CVSS 4.8
CVE-2021-24870 MEDIUM
WP Fastest Cache < 0.9.5 - CSRF & Stored XSS via wpfc_save_cdn_integration
CVSS 6.1
CVE-2021-4418 MEDIUM
Custom CSS, JS & PHP < 2.0.7 - Cross-Site Request Forgery via save() Function
CVSS 4.3
CVE-2021-4427 MEDIUM
Vuukle Comments, Reactions, Share Bar, Revenue <= 3.4.31 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2021-4426 MEDIUM
Absolute Reviews <= 1.0.8 - Cross-Site Request Forgery via metabox_review_save()
CVSS 4.3
CVE-2021-4425 MEDIUM
Defender Security < 2.4.6 - Cross-Site Request Forgery via verify_otp_login_time() Function
CVSS 4.3
CVE-2021-4424 MEDIUM
Slider Hero < 8.2.0 - Cross-Site Request Forgery via qc_slider_hero_duplicate() Function
CVSS 4.3
CVE-2021-4423 MEDIUM
RAYS Grid <= 1.2.2 - Cross-Site Request Forgery via rsgd_insert_update() Function
CVSS 4.3
CVE-2021-4422 MEDIUM
Post SMTP < 2.0.20 - Cross-Site Request Forgery via CSV Export Function
CVSS 4.3
CVE-2021-4421 MEDIUM
Advanced Popups <= 1.1.1 - Cross-Site Request Forgery via metabox_popup_save()
CVSS 4.3
CVE-2021-4420 MEDIUM
Sell Media <= 2.5.5 - Cross-Site Request Forgery via sell_media_process() Function
CVSS 4.3
CVE-2021-4419 MEDIUM
WP-Backgrounds Lite <= 2.3 - Cross-Site Request Forgery via ino_save_data() Function
CVSS 4.3
CVE-2021-4417 MEDIUM
Forminator < 1.13.5 - Cross-Site Request Forgery via Export Schedule Function
CVSS 5.4
CVE-2021-4416 MEDIUM
wp-mpdf <= 3.5.1 - Cross-Site Request Forgery via mpdf_admin_savepost() Function
CVSS 4.3
CVE-2021-4415 MEDIUM
Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery via sunshine_products_quicksave_post()
CVSS 4.3
CVE-2021-4414 MEDIUM
Abandoned Cart Lite for WooCommerce <= 5.8.5 - Cross-Site Request Forgery via wcal_preview_emails() Function
CVSS 4.3
CVE-2021-4413 MEDIUM
Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3