CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2021-33338
HIGH
Liferay Portal/DXP <7.3.2-7.2 - CSRF
CVSS 7.5
CVE-2021-36543
MEDIUM
SeedDMS 5.1.0-5.1.22 and 6.0.0-6.0.15 - Cross-Site Request Forgery in Document Unlock
CVSS 4.3
CVE-2021-36542
MEDIUM
SeedDMS 5.1.0-5.1.22 and 6.0.0-6.0.15 - Cross-Site Request Forgery in Document Locking
CVSS 4.3
CVE-2021-35343
MEDIUM
SeedDMS 5.1.0-5.1.22 and 6.0.0-6.0.15 - Cross-Site Request Forgery via /op/op.Ajax.php
CVSS 4.3
CVE-2021-34637
HIGH
Post Index < 0.7.5 - Cross-Site Request Forgery via OptionsPage Function
CVSS 8.8
CVE-2021-34632
HIGH
SEO Backlinks < 4.0.1 - Cross-Site Request Forgery via loc_config Function
CVSS 8.8
CVE-2021-34628
HIGH
Admin Custom Login <= 3.2.7 - Cross-Site Request Forgery via loginbgSave Action
CVSS 8.8
CVE-2021-29757
HIGH
IBM QRadar User Behavior Analytics 4.1.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24504
MEDIUM
Wplearnmanager WP Learn Manager < 1.1.2 - CSRF
CVSS 6.1
CVE-2021-24477
MEDIUM
Migrate Users < 1.0.1 - Stored Cross-Site Scripting and Cross-Site Request Forgery via Delimiter Option
CVSS 6.1
CVE-2021-20786
MEDIUM
GroupSession 2.2.0-5.0.9 and GroupSession byCloud/ZION 3.0.3-5.0.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-20783
HIGH
Optical BB unit E-WMTA2.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-32776
MEDIUM
Combodo iTop < 2.7.4 - Cross-Site Request Forgery via CSRF Token Reuse
CVSS 6.8
CVE-2021-21407
HIGH
Combodo iTop < 2.7.4 - Cross-Site Request Forgery Token Bypass via Portal
CVSS 8.0
CVE-2021-34619
HIGH
Stock Manager for WooCommerce <= 2.5.7 - Cross-Site Request Forgery to Arbitrary File Upload via Import-Export
CVSS 8.8
CVE-2021-32774
MEDIUM
miraheze/datadump < 2021-07-07 - Cross-Site Request Forgery
CVSS 6.1
CVE-2021-20782
HIGH
Software License Manager <4.4.6 - CSRF
CVSS 8.8
CVE-2021-20781
HIGH
WordPress Meta Data Filter & Taxonomies Filter < 1.2.8 and < 2.2.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24434
MEDIUM
Glass WordPress Plugin <= 1.3.2 - Stored Cross-Site Scripting and Cross-Site Request Forgery via Settings
CVSS 6.1
CVE-2021-34620
HIGH
WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting and Privilege Escalation
CVSS 8.8
CVE-2021-22224
HIGH
GitLab 13.12.0-13.12.5 - Cross-Site Request Forgery via GraphQL API
CVSS 7.1
CVE-2021-20780
HIGH
WPCS - WordPress Currency Switcher <1.1.6 - CSRF
CVSS 8.8
CVE-2021-20779
HIGH
WordPress Email Template Designer - WP HTML Mail <3.0.8 - CSRF
CVSS 8.8
CVE-2021-24388
MEDIUM
VikRentCar Car Rental Management System < 1.1.7 - Stored Cross-Site Scripting and Cross-Site Request Forgery
CVSS 5.4
CVE-2021-32730
MEDIUM
XWiki Platform <12.10.5, 13.0-13.1 - CSRF
CVSS 5.7
Details
Vulnerabilities: 9,374
Exploit Likelihood: Medium