CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2021-4412
MEDIUM
WP Prayer <= 1.6.5 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2021-4411
MEDIUM
WP EasyPay - Square for WordPress <= 3.2.0 - Cross-Site Request Forgery via wpep_download_transaction_in_excel()
CVSS 4.3
CVE-2021-4410
MEDIUM
Qtranslate Slug <= 1.1.18 - Cross-Site Request Forgery via save_postdata() Function
CVSS 4.3
CVE-2021-4409
MEDIUM
WooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery via etcpf_delete_feed()
CVSS 4.3
CVE-2021-4408
MEDIUM
DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery via update_answer() Function
CVSS 4.3
CVE-2021-4407
MEDIUM
Custom Banners <= 3.2.2 - Cross-Site Request Forgery via saveCustomFields() Function
CVSS 4.3
CVE-2021-4405
MEDIUM
ElasticPress <= 3.5.3 - Cross-Site Request Forgery via epio_send_autosuggest_allowed()
CVSS 4.3
CVE-2021-4404
MEDIUM
Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery via ajaxHandler() Function
CVSS 4.3
CVE-2021-4403
MEDIUM
Remove Schema < 1.5 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2021-4402
MEDIUM
Multiple Roles <= 1.3.1 - Cross-Site Request Forgery via mu_add_roles_in_signup_meta
CVSS 4.3
CVE-2021-4401
HIGH
Style Kits < 1.8.0 - Cross-Site Request Forgery via update_posts_stylekit() Function
CVSS 8.8
CVE-2021-4400
MEDIUM
Better Search < 2.5.2 - Cross-Site Request Forgery via Settings Import/Export
CVSS 4.3
CVE-2021-4399
MEDIUM
Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2021-4398
MEDIUM
Amministrazione Trasparente <= 7.1 - Cross-Site Request Forgery via at_save_aturl_meta() Function
CVSS 4.3
CVE-2021-4397
MEDIUM
Staff Directory Plugin < 3.6 - Cross-Site Request Forgery via saveCustomFields()
CVSS 4.3
CVE-2021-4396
MEDIUM
Rucy <= 0.4.4 - Cross-Site Request Forgery via save_rc_post_meta() Function
CVSS 4.3
CVE-2021-4395
MEDIUM
Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-4394
MEDIUM
Locations < 3.2.1 - Cross-Site Request Forgery via saveCustomFields() Function
CVSS 4.3
CVE-2021-4393
MEDIUM
eCommerce Product Catalog Plugin for WordPress <= 3.0.17 - Cross-Site Request Forgery via save() Function
CVSS 4.3
CVE-2021-4392
MEDIUM
eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery via implecode_save_products_meta()
CVSS 4.3
CVE-2021-4391
MEDIUM
Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery via mwb_wgm_save_post()
CVSS 4.3
CVE-2021-4390
MEDIUM
Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery via Quick Edit Template
CVSS 4.3
CVE-2021-4389
MEDIUM
WP Travel < 4.4.7 - Cross-Site Request Forgery via save_meta_data() Function
CVSS 4.3
CVE-2021-4387
MEDIUM
Opal Estate <= 1.6.11 - Cross-Site Request Forgery via Feature Property Functions
CVSS 4.3
CVE-2021-4386
MEDIUM
WP Security Question <= 1.0.5 - Cross-Site Request Forgery via save() Function
CVSS 4.3
Details
Vulnerabilities
9,371
Exploit Likelihood
Medium