CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,372 vulnerabilities with CWE-352
CVE-2021-24968
MEDIUM
Ultimate FAQ < 2.1.2 - Authenticated Missing Authorization via AJAX Actions
CVSS 5.7
CVE-2021-24936
HIGH
WP Extra File Types < 0.5.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 8.0
CVE-2021-24696
HIGH
Simple Download Monitor <3.9.9 - CSRF
CVSS 8.8
CVE-2021-46028
MEDIUM
mblog <= 3.5.0 - Cross-Site Request Forgery in Article Management
CVSS 4.3
CVE-2021-46027
MEDIUM
mysiteforme - Cross-Site Request Forgery in Blog Management
CVSS 6.5
CVE-2021-44777
MEDIUM
Email Tracker WordPress Plugin <= 5.2.6 - Cross-Site Request Forgery Leading to Email Entry Deletion
CVSS 5.4
CVE-2021-43353
HIGH
Crisp Live Chat WordPress <0.32 - CSRF
CVSS 8.8
CVE-2021-4164
HIGH
calibre-web < 0.6.15 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-25025
MEDIUM
EventCalendar < 1.1.51 - Missing Authorization and CSRF in add_calendar_event AJAX Action
CVSS 4.3
CVE-2021-23227
MEDIUM
Alexander Fuchs PHP Everywhere <= 2.0.2 - CSRF
CVSS 5.4
CVE-2021-41597
HIGH
SuiteCRM 7.10.0-7.10.35 - Cross-Site Request Forgery via UpgradeWizard
CVSS 8.8
CVE-2021-37198
HIGH
Siemens COMOS < 10.2, 10.3 < 10.3.3.3, 10.4 < 10.4.1 - Cross-Site Request Forgery in Web Component
CVSS 8.8
CVE-2021-25053
HIGH
WP Coder < 2.5.2 - Cross-Site Request Forgery Leading to Remote Code Execution via Arbitrary File Inclusion
CVSS 8.8
CVE-2021-25052
HIGH
Button Generator < 2.3.3 - Cross-Site Request Forgery Leading to Remote Code Execution via Arbitrary File Inclusion
CVSS 8.8
CVE-2021-25051
HIGH
Modal Window < 5.2.2 - Cross-Site Request Forgery Leading to Remote Code Execution via Arbitrary File Inclusion
CVSS 8.8
CVE-2021-25032
CRITICAL
PublishPress Capabilities <2.3.1 - CSRF
CVSS 9.8
CVE-2021-46147
HIGH
MediaWiki < 1.35.5, 1.36.x < 1.36.3, 1.37.x < 1.37.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-34086
HIGH
Ultimaker S3/S5/3 Firmware < 6.3/5.2.16 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-46080
MEDIUM
Vehicle Service Management System 1.0 - CSRF
CVSS 4.8
CVE-2021-20165
HIGH
Trendnet TEW-827DRU 2.08B01 - Cross-Site Request Forgery via Improper Token Validation
CVSS 8.8
CVE-2021-24988
MEDIUM
WP RSS Aggregator < 4.19.3 - Authenticated Stored Cross-Site Scripting via wprss_dismiss_addon_notice AJAX Action
CVSS 5.4
CVE-2021-4168
HIGH
showdoc < 2.9.15 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-4162
MEDIUM
archivy < 1.6.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-36886
MEDIUM
Contact Form 7 Database Addon - CFDB7 <= 1.2.5.9 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-43158
MEDIUM
ProjectWorlds Online Shopping System PHP 1.0 - CSRF
CVSS 4.3