CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could instead have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2021-41764
HIGH
streama <= 1.10.3 - Cross-Site Request Forgery via File Upload
CVSS 8.8
CVE-2021-34636
HIGH
Countdown and CountUp, WooCommerce Sales Timers < 1.5.7 - Cross-Site Request Forgery via save_theme Function
CVSS 8.8
CVE-2021-36877
MEDIUM
uListing <= 2.0.5 - Cross-Site Request Forgery to Modify User Roles
CVSS 4.3
CVE-2021-36876
MEDIUM
uListing <= 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
CVSS 5.4
CVE-2021-36878
MEDIUM
uListing <= 2.0.5 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2021-40108
HIGH
Concrete CMS < 8.5.6 - Cross-Site Request Forgery via Calendar Event Save Endpoint
CVSS 8.8
CVE-2021-3819
HIGH
firefly-iii < 5.6.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-31604
MEDIUM
openvpn-monitor < 1.1.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-29816
MEDIUM
IBM Jazz for Service Management 1.1.3.10 - Cross-Site Request Forgery
CVSS 6.5
CVE-2021-22953
MEDIUM
Concrete CMS < 8.5.5 - Cross-Site Request Forgery via Topic Cloning
CVSS 5.4
CVE-2021-22950
MEDIUM
Concrete CMS < 8.5.6 - Cross-Site Request Forgery via Comment Attachment Deletion
CVSS 6.5
CVE-2021-22949
MEDIUM
Concrete CMS < 8.5.5 - Cross-Site Request Forgery
CVSS 5.4
CVE-2021-41083
HIGH
Dada Mail < 11.16.0 - Cross-Site Request Forgery
CVSS 8.0
CVE-2021-24639
HIGH
OMGF WordPress Plugin < 4.5.4 - Authenticated Path Traversal and Arbitrary File Deletion via omgf_ajax_empty_dir
CVSS 8.1
CVE-2021-24636
HIGH
Print My Blog WordPress Plugin < 3.4.2 - Cross-Site Request Forgery via Missing Nonce Check
CVSS 8.1
CVE-2021-24618
MEDIUM
Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting via QRCode Image Setting
CVSS 5.4
CVE-2021-24584
MEDIUM
Timetable and Event Schedule < 2.4.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2021-24583
MEDIUM
Timetable and Event Schedule WordPress Plugin < 2.4.2 - Improper Access Control in Timeslot Deletion
CVSS 4.3
CVE-2021-40965
HIGH
TinyFileManager <= 2.4.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-39209
HIGH
GLPI < 9.5.6 - Cross-Site Request Forgery Protection Bypass
CVSS 8.8
CVE-2021-23026
HIGH
BIG-IP 13.1.0-13.1.4 - Cross-Site Request Forgery via iControl SOAP
CVSS 8.8
CVE-2021-23050
HIGH
BIG-IP Advanced WAF/ASM <16.0.1.2 & 15.1.3 - CSRF
CVSS 7.5
CVE-2021-37201
HIGH
SINEC NMS < 1.0 SP1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-39124
MEDIUM
Atlassian Jira Server and Data Center < 8.16.0 - Cross-Site Request Forgery via Retry Feature
CVSS 4.3
CVE-2021-24725
MEDIUM
Comment Link Remove and Other Comment Tools < 2.1.6 - Cross-Site Request Forgery in Delete Comments Functionality
CVSS 4.3
Details
Vulnerabilities: 9,374
Exploit Likelihood: Medium