CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2021-4385 MEDIUM
WP Private Content Plus <= 3.1 - Cross-Site Request Forgery via save_groups() Function
CVSS 4.3
CVE-2021-4384 MEDIUM
WordPress Photo Gallery - Image Gallery <= 1.0.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-4373 HIGH
Better Search <= 2.5.2 - Cross-Site Request Forgery via Settings Import
CVSS 8.8
CVE-2021-4349 HIGH
WordPress Process Steps Template Designer <1.2.1 - CSRF
CVSS 8.8
CVE-2021-4333 MEDIUM
WP Statistics < 13.1.1 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.5
CVE-2021-34167 HIGH
taoCMS 3.0.2 - Cross-Site Request Forgery via admin.php
CVSS 8.8
CVE-2021-33396 MEDIUM
baijiacms 4.1.4 - Cross-Site Request Forgery via index.php
CVSS 6.5
CVE-2021-37234 MEDIUM
Modern Honey Network < 2021-10-30 - Unauthenticated Sensitive Information Exposure via Web API PUT Request
CVSS 6.5
CVE-2021-36570 HIGH
FUEL-CMS 1.4.13 - Cross-Site Request Forgery via Permissions Delete Endpoint
CVSS 8.8
CVE-2021-36569 HIGH
FUEL-CMS 1.4.13 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 8.8
CVE-2021-36444 HIGH
imcat 5.4 - Cross-Site Request Forgery via Add Administrator Page
CVSS 8.8
CVE-2021-36443 HIGH
imcat 5.4 - Cross-Site Request Forgery via Lack of Token Verification
CVSS 8.8
CVE-2021-21395 MEDIUM
OpenMage Magento < 19.4.22 - Cross-Site Request Forgery in Password Reset Form
CVSS 4.2
CVE-2021-4275 MEDIUM
pyambic-pentameter - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-4268 MEDIUM
phpRedisAdmin < 1.18.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-29334 HIGH
Jizhicms - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-36915 MEDIUM
Profile Builder WordPress plugin <= 3.6.0 - Cross-Site Request Forgery via JSON File Upload
CVSS 4.2
CVE-2021-36855 MEDIUM
Booking Ultra Pro <= 1.1.4 - Cross-Site Scripting via Cross-Site Request Forgery
CVSS 6.1
CVE-2021-36854 MEDIUM
Booking Ultra Pro <= 1.1.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-24890 HIGH
Scripts Organizer < 3.0 - Unauthenticated Arbitrary PHP File Write via saveScript AJAX Action
CVSS 8.8
CVE-2021-29823 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, 11.2.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-20468 MEDIUM
IBM Cognos Analytics <11.2.1 - CSRF
CVSS 6.5
CVE-2021-39394 MEDIUM
mm-wiki v0.2.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-36852 MEDIUM
ThimPress WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-24912 MEDIUM
Transposh WordPress Translation <1.0.8 - XSS
CVSS 5.4