CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,385 vulnerabilities with CWE-352
CVE-2015-10109
MEDIUM
Video Playlist and Gallery Plugin <1.137 - CSRF
CVSS 4.3
CVE-2015-10108
MEDIUM
meitar Inline Google Spreadsheet Viewer Plugin <0.9.6 - CSRF
CVSS 4.3
CVE-2015-10081
MEDIUM
arnoldle submitByMailPlugin <1.0b2.9 - CSRF
CVSS 4.3
CVE-2015-1785
MEDIUM
NextGEN Gallery < 2.0.77.3 - Unauthenticated Arbitrary File Upload and Cross-Site Request Forgery
CVSS 6.5
CVE-2015-20105
CRITICAL
ClickBank Affiliate Ads < 1.20 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 9.6
CVE-2015-10001
MEDIUM
WP-Stats < 2.52 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2015-8536
HIGH
Lenovo Solution Center <3.3.002 - CSRF
CVSS 8.8
CVE-2015-1583
HIGH
ATutor 2.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5686
HIGH
Puppet Enterprise Console 3.x - CSRF
CVSS 8.8
CVE-2015-5483
HIGH
Private Only plugin 3.5.1 for WordPress - CSRF
CVSS 8.8
CVE-2015-5595
MEDIUM
zenphoto < 1.4.9 - Cross-Site Request Forgery in admin.php
CVSS 6.5
CVE-2015-3140
HIGH
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-9498
HIGH
wps_hide_login < 1.1 - Cross-Site Request Forgery in Option Value Saving
CVSS 8.8
CVE-2015-9497
HIGH
Ad Inserter < 1.5.3 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Options Page
CVSS 8.8
CVE-2015-9455
HIGH
buddypress-activity-plus < 1.6.2 - Cross-Site Request Forgery via bpfb_remove_temp_images Action
CVSS 8.1
CVE-2015-9447
MEDIUM
unite_gallery_lite < 1.5 - Cross-Site Request Forgery and SQL Injection via Gallery ID Parameter
CVSS 6.5
CVE-2015-9445
HIGH
unite_gallery_lite < 1.5 - Cross-Site Request Forgery and SQL Injection via unitegallery_ajax_action
CVSS 8.8
CVE-2015-9443
MEDIUM
WP Accurate Form Data 1.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Options Page
CVSS 6.5
CVE-2015-9442
MEDIUM
avenirsoft directdownload 1.0 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Admin Page
CVSS 6.5
CVE-2015-9441
MEDIUM
bookmarkify 2.9.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Options Page
CVSS 6.5
CVE-2015-9440
MEDIUM
monetize < 1.03 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Admin Zone Creation
CVSS 6.5
CVE-2015-9437
MEDIUM
dynamic-widgets < 1.5.11 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Page Limit Parameter
CVSS 6.5
CVE-2015-9434
MEDIUM
kiwi-logo-carousel < 1.7.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Settings Tab Parameter
CVSS 6.5
CVE-2015-9433
MEDIUM
wp-social-bookmarking-light < 1.7.10 - CSRF with Resultant XSS via Configuration Parameters
CVSS 6.5
CVE-2015-9432
MEDIUM
alpine-photo-tile-for-instagram < 1.2.7.6 - CSRF with Resultant XSS via Settings Tab
CVSS 6.5
Details
Vulnerabilities
9,385
Exploit Likelihood
Medium