CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,372 vulnerabilities with CWE-352
CVE-2021-43156 MEDIUM
ProjectWorlds Online Book Store PHP 1.0 - CSRF
CVSS 6.5
CVE-2021-24981 HIGH
Directorist < 7.0.6.2 - Cross-Site Request Forgery to Remote File Upload
CVSS 7.5
CVE-2021-43846 MEDIUM
Solidus_frontend <3.1.5-2.11.14 - CSRF
CVSS 5.3
CVE-2021-36887 MEDIUM
tarteaucitron.js < 1.5.4 - Cross-Site Request Forgery via tarteaucitronEmail and tarteaucitronPass Parameters
CVSS 6.1
CVE-2021-4131 HIGH
live_helper_chat < 2.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-4130 HIGH
snipe-it < 5.3.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-26800 MEDIUM
phpgurukul user management system in php using stored procedure V1.0 - Cross-Site Request Forgery in Change-password.php
CVSS 6.5
CVE-2021-41260 HIGH
Galette < 0.9.6 - Cross-Site Request Forgery
CVSS 8.2
CVE-2021-4123 MEDIUM
livehelperchat < 2.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-45017 HIGH
catfish-cms < 6.3.0 - Cross-Site Request Forgery via Menu URL Parameter
CVSS 8.8
CVE-2021-44942 MEDIUM
glFusion CMS 1.7.9 - Cross-Site Request Forgery in Blacklist Plugin
CVSS 4.3
CVE-2021-24945 HIGH
LikeBtn WordPress <2.6.38 - Info Disclosure
CVSS 8.0
CVE-2021-24922 CRITICAL
Pixel Cat WordPress Plugin < 2.6.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 9.0
CVE-2021-24836 MEDIUM
Temporary Login Without Password < 1.7.1 - Authenticated Missing Authorization in Settings Update
CVSS 4.3
CVE-2021-24818 MEDIUM
WP Limits < 1.0 - Cross-Site Request Forgery in Settings Save
CVSS 4.3
CVE-2021-24795 MEDIUM
Filter Portfolio Gallery <1.5 - CSRF
CVSS 6.5
CVE-2021-24790 MEDIUM
Contact Form Advanced Database <1.0.8 - CSRF
CVSS 4.3
CVE-2021-24784 MEDIUM
WP Admin Logo Changer < 1.0 - Cross-Site Request Forgery via Settings Update
CVSS 6.5
CVE-2021-24780 MEDIUM
Single Post Exporter < 1.1.1 - Cross-Site Request Forgery in Settings Save
CVSS 4.3
CVE-2021-4092 MEDIUM
Yetiforce CRM < 6.3.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-4082 MEDIUM
pimcore < 10.2.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-4033 MEDIUM
Kimai2 < 1.16.7 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-4049 MEDIUM
live_helper_chat < 2.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-31631 HIGH
b2evolution CMS 7.2.3 - Cross-Site Request Forgery via User Login Page
CVSS 8.8
CVE-2021-35242 HIGH
SolarWinds Serv-U < 15.2.5 - Cross-Site Request Forgery via Session Token
CVSS 8.3