CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2018-5656 HIGH
weblizar-pinterest-feeds <1.1.1 - CSRF
CVSS 8.8
CVE-2018-5368 HIGH
WordPress SrbTransLatin <1.46 - CSRF
CVSS 8.8
CVE-2018-5361 HIGH
WPGlobus < 1.9.7 - Cross-Site Request Forgery via wp-admin/options.php
CVSS 8.8
CVE-2018-0785 MEDIUM
ASP.NET Core 1.0, 1.1, 2.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-5301 MEDIUM
Magento < 2.0.10 and 2.1.x < 2.1.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-5285 HIGH
ImageInject plugin 1.15 for WordPress - CSRF
CVSS 8.8
CVE-2018-5073 MEDIUM
advanced_real_estate_script - Cross-Site Request Forgery via admin/movieedit.php
CVSS 6.8
CVE-2017-20221 MEDIUM
Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
CVSS 4.3
CVE-2017-20120 MEDIUM
TrueConf Server 4.3.7 - Cross-Site Request Forgery in Admin Service Stop Endpoint
CVSS 4.3
CVE-2017-20093 MEDIUM
Download Manager Plugin 2.8.99 - CSRF
CVSS 4.3
CVE-2017-20091 MEDIUM
File Manager Plugin 3.0.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2017-20090 MEDIUM
Global Content Blocks Plugin <2.1.5 - CSRF
CVSS 4.3
CVE-2017-20088 MEDIUM
Atahualpa Theme < 3.7.24 - Cross-Site Request Forgery
CVSS 4.3
CVE-2017-20065 MEDIUM
Supsystic Popup Plugin <1.7.6 - CSRF
CVSS 4.3
CVE-2017-20062 MEDIUM
Elefant CMS < 1.3.13 - Cross-Site Request Forgery
CVSS 5.0
CVE-2017-20053 MEDIUM
XYZScripts Contact Form Manager Plugin - CSRF
CVSS 4.3
CVE-2017-20045 HIGH
Navetti PricePoint 4.6.0.0 - Cross-Site Request Forgery
CVSS 7.3
CVE-2017-20020 MEDIUM
Solar-Log Firmware - Cross-Site Request Forgery
CVSS 5.3
CVE-2017-18903 HIGH
Mattermost Server <4.0.0-3.9.2 - CSRF
CVSS 8.8
CVE-2017-18861 HIGH
NETGEAR ReadyNAS Surveillance < 1.4.3-15 and < 1.1.4-5 - Cross-Site Request Forgery
CVSS 8.0
CVE-2017-18703 HIGH
NETGEAR Multiple Routers and Extenders - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18708 HIGH
NETGEAR R8300 and R8500 Firmware < 1.0.2.94 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18749 HIGH
NETGEAR Multiple Routers - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18742 HIGH
NETGEAR JR6150/R6050/R6250/R6300/R6700/R6900/R7300DST/R7900/R8000/R8500 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18755 HIGH
NETGEAR Multiple Routers - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,381
Exploit Likelihood Medium