CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-33338 HIGH
Liferay Portal/DXP <7.3.2-7.2 - CSRF
CVSS 7.5
CVE-2021-36543 MEDIUM
SeedDMS 5.1.0-5.1.22 and 6.0.0-6.0.15 - Cross-Site Request Forgery in Document Unlock
CVSS 4.3
CVE-2021-36542 MEDIUM
SeedDMS 5.1.0-5.1.22 and 6.0.0-6.0.15 - Cross-Site Request Forgery in Document Locking
CVSS 4.3
CVE-2021-35343 MEDIUM
SeedDMS 5.1.0-5.1.22 and 6.0.0-6.0.15 - Cross-Site Request Forgery via /op/op.Ajax.php
CVSS 4.3
CVE-2021-34637 HIGH
Post Index < 0.7.5 - Cross-Site Request Forgery via OptionsPage Function
CVSS 8.8
CVE-2021-34632 HIGH
SEO Backlinks < 4.0.1 - Cross-Site Request Forgery via loc_config Function
CVSS 8.8
CVE-2021-34628 HIGH
Admin Custom Login <= 3.2.7 - Cross-Site Request Forgery via loginbgSave Action
CVSS 8.8
CVE-2021-29757 HIGH
IBM QRadar User Behavior Analytics 4.1.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24504 MEDIUM
Wplearnmanager WP Learn Manager < 1.1.2 - CSRF
CVSS 6.1
CVE-2021-24477 MEDIUM
Migrate Users < 1.0.1 - Stored Cross-Site Scripting and Cross-Site Request Forgery via Delimiter Option
CVSS 6.1
CVE-2021-20786 MEDIUM
GroupSession 2.2.0-5.0.9 and GroupSession byCloud/ZION 3.0.3-5.0.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2021-20783 HIGH
Optical BB unit E-WMTA2.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-32776 MEDIUM
Combodo iTop < 2.7.4 - Cross-Site Request Forgery via CSRF Token Reuse
CVSS 6.8
CVE-2021-21407 HIGH
Combodo iTop < 2.7.4 - Cross-Site Request Forgery Token Bypass via Portal
CVSS 8.0
CVE-2021-34619 HIGH
Stock Manager for WooCommerce <= 2.5.7 - Cross-Site Request Forgery to Arbitrary File Upload via Import-Export
CVSS 8.8
CVE-2021-32774 MEDIUM
miraheze/datadump < 2021-07-07 - Cross-Site Request Forgery
CVSS 6.1
CVE-2021-20782 HIGH
Software License Manager <4.4.6 - CSRF
CVSS 8.8
CVE-2021-20781 HIGH
WordPress Meta Data Filter & Taxonomies Filter < 1.2.8 and < 2.2.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-24434 MEDIUM
Glass WordPress Plugin <= 1.3.2 - Stored Cross-Site Scripting and Cross-Site Request Forgery via Settings
CVSS 6.1
CVE-2021-34620 HIGH
WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting and Privilege Escalation
CVSS 8.8
CVE-2021-22224 HIGH
GitLab 13.12.0-13.12.5 - Cross-Site Request Forgery via GraphQL API
CVSS 7.1
CVE-2021-20780 HIGH
WPCS - WordPress Currency Switcher <1.1.6 - CSRF
CVSS 8.8
CVE-2021-20779 HIGH
WordPress Email Template Designer - WP HTML Mail <3.0.8 - CSRF
CVSS 8.8
CVE-2021-24388 MEDIUM
VikRentCar Car Rental Management System < 1.1.7 - Stored Cross-Site Scripting and Cross-Site Request Forgery
CVSS 5.4
CVE-2021-32730 MEDIUM
XWiki Platform <12.10.5, 13.0-13.1 - CSRF
CVSS 5.7