CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2021-4385
MEDIUM
WP Private Content Plus <= 3.1 - Cross-Site Request Forgery via save_groups() Function
CVSS 4.3
CVE-2021-4384
MEDIUM
WordPress Photo Gallery - Image Gallery <= 1.0.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-4373
HIGH
Better Search <= 2.5.2 - Cross-Site Request Forgery via Settings Import
CVSS 8.8
CVE-2021-4349
HIGH
WordPress Process Steps Template Designer <1.2.1 - CSRF
CVSS 8.8
CVE-2021-4333
MEDIUM
WP Statistics < 13.1.1 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.5
CVE-2021-34167
HIGH
taoCMS 3.0.2 - Cross-Site Request Forgery via admin.php
CVSS 8.8
CVE-2021-33396
MEDIUM
baijiacms 4.1.4 - Cross-Site Request Forgery via index.php
CVSS 6.5
CVE-2021-37234
MEDIUM
Modern Honey Network < 2021-10-30 - Unauthenticated Sensitive Information Exposure via Web API PUT Request
CVSS 6.5
CVE-2021-36570
HIGH
FUEL-CMS 1.4.13 - Cross-Site Request Forgery via Permissions Delete Endpoint
CVSS 8.8
CVE-2021-36569
HIGH
FUEL-CMS 1.4.13 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 8.8
CVE-2021-36444
HIGH
imcat 5.4 - Cross-Site Request Forgery via Add Administrator Page
CVSS 8.8
CVE-2021-36443
HIGH
imcat 5.4 - Cross-Site Request Forgery via Lack of Token Verification
CVSS 8.8
CVE-2021-21395
MEDIUM
OpenMage Magento < 19.4.22 - Cross-Site Request Forgery in Password Reset Form
CVSS 4.2
CVE-2021-4275
MEDIUM
pyambic-pentameter - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-4268
MEDIUM
phpRedisAdmin < 1.18.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-29334
HIGH
Jizhicms - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-36915
MEDIUM
Profile Builder WordPress plugin <= 3.6.0 - Cross-Site Request Forgery via JSON File Upload
CVSS 4.2
CVE-2021-36855
MEDIUM
Booking Ultra Pro <= 1.1.4 - Cross-Site Scripting via Cross-Site Request Forgery
CVSS 6.1
CVE-2021-36854
MEDIUM
Booking Ultra Pro <= 1.1.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-24890
HIGH
Scripts Organizer < 3.0 - Unauthenticated Arbitrary PHP File Write via saveScript AJAX Action
CVSS 8.8
CVE-2021-29823
MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, 11.2.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-20468
MEDIUM
IBM Cognos Analytics <11.2.1 - CSRF
CVSS 6.5
CVE-2021-39394
MEDIUM
mm-wiki v0.2.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-36852
MEDIUM
ThimPress WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-24912
MEDIUM
Transposh WordPress Translation <1.0.8 - XSS
CVSS 5.4
Details
Vulnerabilities: 9,371
Exploit Likelihood: Medium