CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,372 vulnerabilities with CWE-352
CVE-2021-24446 MEDIUM
Remove Footer Credit < 1.0.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2021-46366 HIGH
Magnolia CMS <6.2.3 - CSRF, Open Redirect
CVSS 8.8
CVE-2021-22954 HIGH
Concrete CMS < 9.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-45326 HIGH
Gitea < 1.5.2 - Cross-Site Request Forgery via API Routes
CVSS 8.8
CVE-2021-25108 HIGH
IP2Location Country Blocker <2.26.6 - CSRF
CVSS 7.1
CVE-2021-25095 HIGH
IP2Location Country Blocker <2.26.5 - CSRF
CVSS 7.1
CVE-2021-24993 MEDIUM
The Ultimate Product Catalog WP <5.0.26 - CSRF
CVSS 6.5
CVE-2021-24947 MEDIUM
RVM WordPress <6.4.2 - Info Disclosure
CVSS 6.5
CVE-2021-24879 HIGH
SupportCandy WordPress <2.2.7 - CSRF
CVSS 8.8
CVE-2021-24843 MEDIUM
SupportCandy WordPress <2.2.7 - CSRF
CVSS 6.5
CVE-2021-32732 HIGH
XWiki <12.10.4, 13.2RC0 - Info Disclosure
CVSS 7.5
CVE-2021-46398 HIGH
FileBrowser < 2.18.0 - Cross-Site Request Forgery via Malicious HTML Webpage
CVSS 8.8
CVE-2021-45268 HIGH
Backdrop CMS 1.20 - Cross-Site Request Forgery to Remote Code Execution via Malicious Add-on Upload
CVSS 8.8
CVE-2021-39044 HIGH
IBM Financial Transaction Manager 3.2.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-25097 MEDIUM
LabTools < 1.0 - Authenticated Cross-Site Request Forgery in Publication Deletion
CVSS 6.5
CVE-2021-25092 MEDIUM
Link Library < 7.2.8 - Cross-Site Request Forgery via Settings Reset
CVSS 6.5
CVE-2021-25072 MEDIUM
NextScripts: Social Networks Auto-Poster <4.3.25 - CSRF
CVSS 6.5
CVE-2021-24763 HIGH
Perfect Survey WordPress <1.5.2 - CSRF & XSS
CVSS 8.8
CVE-2021-24761 MEDIUM
Error Log Viewer <1.1.2 - Path Traversal
CVSS 6.5
CVE-2021-22725 HIGH
Schneider Electric EVlink Firmware < 3.4.0.2 - Cross-Site Request Forgery via POST Requests
CVSS 8.8
CVE-2021-22724 HIGH
Schneider Electric EVlink Firmware < 3.4.0.2 - Cross-Site Request Forgery via POST Requests
CVSS 8.8
CVE-2021-44122 HIGH
SPIP 4.0.0 - Cross-Site Request Forgery in ecrire/public/aiguiller.php
CVSS 8.8
CVE-2021-25073 HIGH
WP125 < 1.5.5 - Cross-Site Request Forgery in Ad Deletion Action
CVSS 8.8
CVE-2021-25013 MEDIUM
Qubely < 1.7.8 - Authenticated Arbitrary Post Deletion via qubely_delete_saved_block AJAX Action
CVSS 6.5
CVE-2021-24989 MEDIUM
WordPress PayPal Plugin <1.3.4 - CSRF
CVSS 6.5
Details
Vulnerabilities 9,372
Exploit Likelihood Medium