CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,384 vulnerabilities with CWE-352
CVE-2016-10902 HIGH
wp_customer_reviews < 3.0.9 - Cross-Site Request Forgery in Admin Tools
CVSS 8.8
CVE-2016-10915 HIGH
popup-by-supsystic < 1.7.9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10914 HIGH
add-from-server < 3.3.2 - Cross-Site Request Forgery via File Import
CVSS 8.8
CVE-2016-10885 HIGH
wp-editor < 1.2.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10884 HIGH
simple-membership < 3.3.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10883 MEDIUM
simple-add-pages-or-posts < 1.7 - Cross-Site Request Forgery for User Deletion
CVSS 6.5
CVE-2016-10882 HIGH
google-doc-embedder < 2.6.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10876 HIGH
wp_database_backup < 4.3.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10874 HIGH
wp-database-backup < 4.3.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10865 MEDIUM
Lightbox Plus Colorbox < 2.7.2 - Cross-Site Request Forgery via Admin Page
CVSS 6.1
CVE-2016-10863 HIGH
Edimax Wi-Fi Extender - Cross-Site Request Forgery via goform/formwlencryptvxd
CVSS 8.8
CVE-2016-10862 HIGH
Neet AirStream NAS1.1 - Unauthenticated Root Account Access via Hardcoded Password
CVSS 8.8
CVE-2016-10861 MEDIUM
Neet AirStream NAS1.1 - Cross-Site Request Forgery via Settings Binary
CVSS 6.5
CVE-2016-10766 HIGH
edx-platform < 2016-06-06 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10757 HIGH
Readaxo - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10756 HIGH
Kliqqi Cms - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10738 HIGH
Zenbership v107 - Cross-Site Request Forgery via Event Add Function
CVSS 8.8
CVE-2016-7067 MEDIUM
Monit < 5.20.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2016-6578 HIGH
CodeLathe FileCloud <13.0.0.32841 - CSRF
CVSS 8.8
CVE-2016-6557 HIGH
ASUS RP-AC52 <1.0.1.1s - Auth Bypass
CVSS 8.8
CVE-2016-10522 HIGH
rails_admin < 1.1.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10529 HIGH
Droppy < 3.5.0 - Cross-Site Request Forgery via WebSocket Requests
CVSS 8.8
CVE-2016-0272 HIGH
IBM Financial Transaction Manager 2.1.1.2 and 3.0.0.x < fp0013 - Cross-Site Request Forgery
CVSS 8.0
CVE-2016-0295 HIGH
IBM BigFix Platform 9.0-9.5 < 9.5.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-0348 HIGH
IBM TRIRIGA Application Platform <3.4 - CSRF
CVSS 8.0
Details
Vulnerabilities 9,384
Exploit Likelihood Medium