CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,372 vulnerabilities with CWE-352
CVE-2021-24446
MEDIUM
Remove Footer Credit < 1.0.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2021-46366
HIGH
Magnolia CMS <6.2.3 - CSRF, Open Redirect
CVSS 8.8
CVE-2021-22954
HIGH
Concrete CMS < 9.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-45326
HIGH
Gitea < 1.5.2 - Cross-Site Request Forgery via API Routes
CVSS 8.8
CVE-2021-25108
HIGH
IP2Location Country Blocker <2.26.6 - CSRF
CVSS 7.1
CVE-2021-25095
HIGH
IP2Location Country Blocker <2.26.5 - CSRF
CVSS 7.1
CVE-2021-24993
MEDIUM
The Ultimate Product Catalog WP <5.0.26 - CSRF
CVSS 6.5
CVE-2021-24947
MEDIUM
RVM WordPress <6.4.2 - Info Disclosure
CVSS 6.5
CVE-2021-24879
HIGH
SupportCandy WordPress <2.2.7 - CSRF
CVSS 8.8
CVE-2021-24843
MEDIUM
SupportCandy WordPress <2.2.7 - CSRF
CVSS 6.5
CVE-2021-32732
HIGH
XWiki <12.10.4,13.2RC0 - Info Disclosure
CVSS 7.5
CVE-2021-46398
HIGH
FileBrowser < 2.18.0 - Cross-Site Request Forgery via Malicious HTML Webpage
CVSS 8.8
CVE-2021-45268
HIGH
Backdrop CMS 1.20 - Cross-Site Request Forgery to Remote Code Execution via Malicious Add-on Upload
CVSS 8.8
CVE-2021-39044
HIGH
IBM Financial Transaction Manager 3.2.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-25097
MEDIUM
LabTools < 1.0 - Authenticated Cross-Site Request Forgery in Publication Deletion
CVSS 6.5
CVE-2021-25092
MEDIUM
Link Library < 7.2.8 - Cross-Site Request Forgery via Settings Reset
CVSS 6.5
CVE-2021-25072
MEDIUM
NextScripts: Social Networks Auto-Poster <4.3.25 - CSRF
CVSS 6.5
CVE-2021-24763
HIGH
Perfect Survey WordPress <1.5.2 - CSRF & XSS
CVSS 8.8
CVE-2021-24761
MEDIUM
Error Log Viewer <1.1.2 - Path Traversal
CVSS 6.5
CVE-2021-22725
HIGH
Schneider Electric EVlink Firmware < 3.4.0.2 - Cross-Site Request Forgery via POST Requests
CVSS 8.8
CVE-2021-22724
HIGH
Schneider Electric EVlink Firmware < 3.4.0.2 - Cross-Site Request Forgery via POST Requests
CVSS 8.8
CVE-2021-44122
HIGH
SPIP 4.0.0 - Cross-Site Request Forgery in ecrire/public/aiguiller.php
CVSS 8.8
CVE-2021-25073
HIGH
WP125 < 1.5.5 - Cross-Site Request Forgery in Ad Deletion Action
CVSS 8.8
CVE-2021-25013
MEDIUM
Qubely < 1.7.8 - Authenticated Arbitrary Post Deletion via qubely_delete_saved_block AJAX Action
CVSS 6.5
CVE-2021-24989
MEDIUM
WordPress PayPal Plugin <1.3.4 - CSRF
CVSS 6.5
Details
Vulnerabilities: 9,372
Exploit Likelihood: Medium