CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2020-36745
MEDIUM
WP Project Manager <= 2.4.0 - Cross-Site Request Forgery via do_updates() Function
CVSS 4.3
CVE-2020-36744
MEDIUM
NotificationX <= 1.8.2 - Cross-Site Request Forgery via generate_conversions() Function
CVSS 4.3
CVE-2020-36743
MEDIUM
WordPress Product Catalog Simple <1.5.13 - CSRF
CVSS 4.3
CVE-2020-36742
MEDIUM
WordPress Custom Field Template <2.5.1 - CSRF
CVSS 4.3
CVE-2020-36741
MEDIUM
MultiVendorX <= 3.5.7 - Cross-Site Request Forgery via submit_comment() Function
CVSS 4.3
CVE-2020-36740
MEDIUM
Radio Buttons for Taxonomies <2.0.5 - CSRF
CVSS 4.3
CVE-2020-36739
MEDIUM
Feed Them Social - WordPress <2.8.6 - CSRF
CVSS 4.3
CVE-2020-36738
MEDIUM
Cool Timeline < 2.0.3 - Cross-Site Request Forgery via ctl_save() Function
CVSS 4.3
CVE-2020-36737
MEDIUM
WordPress Import / Export Customizer Settings <1.0.3 - CSRF
CVSS 4.3
CVE-2020-36736
MEDIUM
WooCommerce Checkout & Funnel Builder <1.5.15 - CSRF
CVSS 4.3
CVE-2020-36735
MEDIUM
WP ERP < 1.6.3 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2020-18409
MEDIUM
CatfishCMS 4.8.63 - Cross-Site Request Forgery via Admin Manage Endpoint
CVSS 6.8
CVE-2020-18416
MEDIUM
jymusic 2.0.0 - Cross-Site Request Forgery via Admin Config Endpoint
CVSS 6.8
CVE-2020-18418
HIGH
FeiFeiCMS v4.1.190209 - Cross-Site Request Forgery via Admin Account Creation
CVSS 8.8
CVE-2020-21366
HIGH
GreenCMS 2.3 - Cross-Site Request Forgery via adduser Function
CVSS 8.0
CVE-2020-21252
HIGH
HongCMS 3.0.0 - Cross-Site Request Forgery via Updateusers Parameter
CVSS 8.8
CVE-2020-20726
HIGH
Gila CMS 1.11.4 - Cross-Site Request Forgery via cm/update_rows/user Parameter
CVSS 8.8
CVE-2020-20502
MEDIUM
yzmcms 2.0 - Cross-Site Request Forgery via Token Check Function
CVSS 6.5
CVE-2020-36717
HIGH
Kali Forms < 2.1.1 - Cross-Site Request Forgery via Incorrect Nonce Handling
CVSS 8.8
CVE-2020-36707
HIGH
Coming Soon & Maintenance Mode Page <1.57 - CSRF
CVSS 8.8
CVE-2020-23363
HIGH
Verytops Verydows - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-36065
HIGH
FlyCms 1.0 - Cross-Site Request Forgery via Admin Account Creation
CVSS 8.8
CVE-2020-22334
MEDIUM
beescms v4 - Cross-Site Request Forgery via Admin Account Deletion
CVSS 6.5
CVE-2020-18131
HIGH
Bluethrust Clan Scripts v4 - CSRF
CVSS 8.8
CVE-2020-19803
HIGH
DoyoCMS 2.3 - Cross-Site Request Forgery via Background System Settings
CVSS 8.8
Details
Vulnerabilities
9,374
Exploit Likelihood
Medium