CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,372 vulnerabilities with CWE-352
CVE-2021-44312 HIGH
Firmware Analysis and Comparison Tool - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24978 MEDIUM
OSMapper WordPress <2.1.5 - Info Disclosure
CVSS 5.3
CVE-2021-46426 MEDIUM
phpipam 1.4.4 - Cross-Site Request Forgery and Reflected Cross-Site Scripting via Subnets Functionality
CVSS 6.1
CVE-2021-43737 MEDIUM
xiaohuanxiong_cms 5.0.17 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-43738 HIGH
xiaohuanxiong_cms 5.0.17 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-40662 HIGH
Chamilo LMS 1.11.14 - Cross-Site Request Forgery leading to Remote Code Execution
CVSS 8.8
CVE-2021-24905 HIGH
Advanced Contact form 7 DB <1.8.7 - CSRF
CVSS 8.0
CVE-2021-45886 HIGH
PONTON X/P Messenger <3.11.2 - CSRF
CVSS 8.8
CVE-2021-25098 MEDIUM
Pricing Tables WordPress Plugin < 3.1.3 - Cross-Site Request Forgery via Post Removal
CVSS 6.5
CVE-2021-44321 MEDIUM
Mini-Inventory-and-Sales-Management-System - Cross-Site Request Forgery
CVSS 5.0
CVE-2021-25081 MEDIUM
WP Google Map < 1.8.4 - Cross-Site Request Forgery via AJAX Actions
CVSS 6.5
CVE-2021-25011 MEDIUM
WP Google Map < 1.8.1 - Authenticated Missing Authorization and CSRF in AJAX Actions
CVSS 5.7
CVE-2021-25010 CRITICAL
Post Snippets WP <3.1.4 - CSRF & XSS
CVSS 9.6
CVE-2021-24913 MEDIUM
Logo Showcase with Slick Slider WordPress plugin <2.0.1 - CSRF
CVSS 4.3
CVE-2021-24823 HIGH
Support Board < 3.3.6 - Cross-Site Request Forgery via include/ajax.php
CVSS 8.1
CVE-2021-24803 HIGH
Core Tweaks WP Setup < 4.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24730 MEDIUM
Logo Showcase with Slick Slider WordPress plugin <1.2.5 - CSRF
CVSS 4.3
CVE-2021-24704 HIGH
Orange Form WordPress <1.0 - SQL Injection
CVSS 8.8
CVE-2021-24688 MEDIUM
Orange Form WordPress <1.0.1 - CSRF
CVSS 4.3
CVE-2021-4030 HIGH
Zyxel ARMOR Z1/Z2 Firmware - Cross-Site Request Forgery
CVSS 8.0
CVE-2021-45007 MEDIUM
Plesk 18.0.37 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-46252 MEDIUM
Scratch Wiki scratch-confirmaccount-v3 - CSRF
CVSS 6.5
CVE-2021-43941 MEDIUM
Atlassian Jira Server/Data Center <8.13.15 & <8.14.0-8.20.3 - CSRF
CVSS 6.5
CVE-2021-43953 MEDIUM
Atlassian Jira Server/Data Center <8.13.16 & 8.14.0-8.20.5 - CSRF
CVSS 4.3
CVE-2021-43952 MEDIUM
Atlassian Jira Server/Data Center <8.21.0 - CSRF
CVSS 4.3