CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could instead have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2020-36745 MEDIUM
WP Project Manager <= 2.4.0 - Cross-Site Request Forgery via do_updates() Function
CVSS 4.3
CVE-2020-36744 MEDIUM
NotificationX <= 1.8.2 - Cross-Site Request Forgery via generate_conversions() Function
CVSS 4.3
CVE-2020-36743 MEDIUM
WordPress Product Catalog Simple <1.5.13 - CSRF
CVSS 4.3
CVE-2020-36742 MEDIUM
WordPress Custom Field Template <2.5.1 - CSRF
CVSS 4.3
CVE-2020-36741 MEDIUM
MultiVendorX <= 3.5.7 - Cross-Site Request Forgery via submit_comment() Function
CVSS 4.3
CVE-2020-36740 MEDIUM
Radio Buttons for Taxonomies <2.0.5 - CSRF
CVSS 4.3
CVE-2020-36739 MEDIUM
Feed Them Social - WordPress <2.8.6 - CSRF
CVSS 4.3
CVE-2020-36738 MEDIUM
Cool Timeline < 2.0.3 - Cross-Site Request Forgery via ctl_save() Function
CVSS 4.3
CVE-2020-36737 MEDIUM
WordPress Import / Export Customizer Settings <1.0.3 - CSRF
CVSS 4.3
CVE-2020-36736 MEDIUM
WooCommerce Checkout & Funnel Builder <1.5.15 - CSRF
CVSS 4.3
CVE-2020-36735 MEDIUM
WP ERP < 1.6.3 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2020-18409 MEDIUM
CatfishCMS 4.8.63 - Cross-Site Request Forgery via Admin Manage Endpoint
CVSS 6.8
CVE-2020-18416 MEDIUM
jymusic 2.0.0 - Cross-Site Request Forgery via Admin Config Endpoint
CVSS 6.8
CVE-2020-18418 HIGH
FeiFeiCMS v4.1.190209 - Cross-Site Request Forgery via Admin Account Creation
CVSS 8.8
CVE-2020-21366 HIGH
GreenCMS 2.3 - Cross-Site Request Forgery via adduser Function
CVSS 8.0
CVE-2020-21252 HIGH
HongCMS 3.0.0 - Cross-Site Request Forgery via Updateusers Parameter
CVSS 8.8
CVE-2020-20726 HIGH
Gila CMS 1.11.4 - Cross-Site Request Forgery via cm/update_rows/user Parameter
CVSS 8.8
CVE-2020-20502 MEDIUM
yzmcms 2.0 - Cross-Site Request Forgery via Token Check Function
CVSS 6.5
CVE-2020-36717 HIGH
Kali Forms < 2.1.1 - Cross-Site Request Forgery via Incorrect Nonce Handling
CVSS 8.8
CVE-2020-36707 HIGH
Coming Soon & Maintenance Mode Page <1.57 - CSRF
CVSS 8.8
CVE-2020-23363 HIGH
Verytops Verydows - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-36065 HIGH
FlyCms 1.0 - Cross-Site Request Forgery via Admin Account Creation
CVSS 8.8
CVE-2020-22334 MEDIUM
beescms v4 - Cross-Site Request Forgery via Admin Account Deletion
CVSS 6.5
CVE-2020-18131 HIGH
Bluethrust Clan Scripts v4 - CSRF
CVSS 8.8
CVE-2020-19803 HIGH
DoyoCMS 2.3 - Cross-Site Request Forgery via Background System Settings
CVSS 8.8