CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2020-9322 HIGH
Statamic Core < 2.11.8 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Username
CVSS 8.8
CVE-2020-10095 HIGH
Lexmark Devices - Cross-Site Request Forgery
CVSS 8.1
CVE-2020-28398 HIGH
RUGGEDCOM ROX < V2.16.0 - Path Traversal
CVSS 8.8
CVE-2020-11919 HIGH
Siime Eye 14.1.00000001.3.330.0.0.3.14 - Cross-Site Request Forgery
CVSS 8.0
CVE-2020-36839 HIGH
WP Lead Plus X <0.99 - CSRF
CVSS 8.3
CVE-2020-36836 HIGH
WP Fastest Cache <0.9.0.2 - Privilege Escalation
CVSS 8.0
CVE-2020-36759 MEDIUM
Woody code snippets plugin <2.3.9 - CSRF
CVSS 4.3
CVE-2020-36758 MEDIUM
RSS Aggregator by Feedzy < 3.4.2 - Cross-Site Request Forgery via save_feedzy_post_type_meta()
CVSS 4.3
CVE-2020-36755 MEDIUM
Customizr <= 4.3.0 - Cross-Site Request Forgery via czr_fn_post_fields_save()
CVSS 4.3
CVE-2020-36754 MEDIUM
Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery via pmpro_page_save()
CVSS 4.3
CVE-2020-36753 MEDIUM
Hueman <= 3.6.3 - Cross-Site Request Forgery via save_meta_box() Function
CVSS 4.3
CVE-2020-36751 MEDIUM
WordPress Coupon Creator <3.1 - CSRF
CVSS 4.3
CVE-2020-24922 HIGH
xxl-job 2.2.0 - Cross-Site Request Forgery in User Add Endpoint
CVSS 8.8
CVE-2020-23595 HIGH
yzmcms 5.6 - Cross-Site Request Forgery via sitemodel/add.html Endpoint
CVSS 8.8
CVE-2020-21881 MEDIUM
DuxCMS 2.1 - Cross-Site Request Forgery via article/admin/content/add
CVSS 6.5
CVE-2020-36761 MEDIUM
Top 10 < 2.10.4 - Cross-Site Request Forgery via tptn_export_tables()
CVSS 4.3
CVE-2020-36760 MEDIUM
Ocean Extra <= 1.6.5 - Cross-Site Request Forgery via add_core_extensions_bundle_validation()
CVSS 4.3
CVE-2020-36757 MEDIUM
WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery via admin_add_order_item()
CVSS 4.3
CVE-2020-36756 MEDIUM
10WebAnalytics <= 1.2.8 - Cross-Site Request Forgery via create_csv_file() Function
CVSS 4.3
CVE-2020-36752 MEDIUM
Coming Soon & Maintenance Mode Page <1.57 - CSRF
CVSS 4.3
CVE-2020-36750 MEDIUM
EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery via ewww_ngg_bulk_init() Function
CVSS 4.3
CVE-2020-36749 MEDIUM
Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery via saveCustomFields() Function
CVSS 4.3
CVE-2020-36748 MEDIUM
Dokan < 3.0.9 - Cross-Site Request Forgery via Order Export Function
CVSS 4.3
CVE-2020-36747 MEDIUM
Lightweight Sidebar Manager <1.1.4 - CSRF
CVSS 4.3
CVE-2020-36746 MEDIUM
Menu Swapper plugin <1.1.0.2 - CSRF
CVSS 4.3