CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2021-4412 MEDIUM
WP Prayer <= 1.6.5 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2021-4411 MEDIUM
WP EasyPay - Square for WordPress <= 3.2.0 - Cross-Site Request Forgery via wpep_download_transaction_in_excel()
CVSS 4.3
CVE-2021-4410 MEDIUM
Qtranslate Slug <= 1.1.18 - Cross-Site Request Forgery via save_postdata() Function
CVSS 4.3
CVE-2021-4409 MEDIUM
WooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery via etcpf_delete_feed()
CVSS 4.3
CVE-2021-4408 MEDIUM
DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery via update_answer() Function
CVSS 4.3
CVE-2021-4407 MEDIUM
Custom Banners <= 3.2.2 - Cross-Site Request Forgery via saveCustomFields() Function
CVSS 4.3
CVE-2021-4405 MEDIUM
ElasticPress <= 3.5.3 - Cross-Site Request Forgery via epio_send_autosuggest_allowed()
CVSS 4.3
CVE-2021-4404 MEDIUM
Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery via ajaxHandler() Function
CVSS 4.3
CVE-2021-4403 MEDIUM
Remove Schema < 1.5 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2021-4402 MEDIUM
Multiple Roles <= 1.3.1 - Cross-Site Request Forgery via mu_add_roles_in_signup_meta
CVSS 4.3
CVE-2021-4401 HIGH
Style Kits < 1.8.0 - Cross-Site Request Forgery via update_posts_stylekit() Function
CVSS 8.8
CVE-2021-4400 MEDIUM
Better Search < 2.5.2 - Cross-Site Request Forgery via Settings Import/Export
CVSS 4.3
CVE-2021-4399 MEDIUM
Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2021-4398 MEDIUM
Amministrazione Trasparente <= 7.1 - Cross-Site Request Forgery via at_save_aturl_meta() Function
CVSS 4.3
CVE-2021-4397 MEDIUM
Staff Directory Plugin < 3.6 - Cross-Site Request Forgery via saveCustomFields()
CVSS 4.3
CVE-2021-4396 MEDIUM
Rucy <= 0.4.4 - Cross-Site Request Forgery via save_rc_post_meta() Function
CVSS 4.3
CVE-2021-4395 MEDIUM
Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-4394 MEDIUM
Locations < 3.2.1 - Cross-Site Request Forgery via saveCustomFields() Function
CVSS 4.3
CVE-2021-4393 MEDIUM
eCommerce Product Catalog Plugin for WordPress <= 3.0.17 - Cross-Site Request Forgery via save() Function
CVSS 4.3
CVE-2021-4392 MEDIUM
eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery via implecode_save_products_meta()
CVSS 4.3
CVE-2021-4391 MEDIUM
Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery via mwb_wgm_save_post()
CVSS 4.3
CVE-2021-4390 MEDIUM
Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery via Quick Edit Template
CVSS 4.3
CVE-2021-4389 MEDIUM
WP Travel < 4.4.7 - Cross-Site Request Forgery via save_meta_data() Function
CVSS 4.3
CVE-2021-4387 MEDIUM
Opal Estate <= 1.6.11 - Cross-Site Request Forgery via Feature Property Functions
CVSS 4.3
CVE-2021-4386 MEDIUM
WP Security Question <= 1.0.5 - Cross-Site Request Forgery via save() Function
CVSS 4.3