CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,385 vulnerabilities with CWE-352
CVE-2015-10109 MEDIUM
Video Playlist and Gallery Plugin <1.137 - CSRF
CVSS 4.3
CVE-2015-10108 MEDIUM
meitar Inline Google Spreadsheet Viewer Plugin <0.9.6 - CSRF
CVSS 4.3
CVE-2015-10081 MEDIUM
arnoldle submitByMailPlugin <1.0b2.9 - CSRF
CVSS 4.3
CVE-2015-1785 MEDIUM
NextGEN Gallery < 2.0.77.3 - Unauthenticated Arbitrary File Upload and Cross-Site Request Forgery
CVSS 6.5
CVE-2015-20105 CRITICAL
ClickBank Affiliate Ads < 1.20 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 9.6
CVE-2015-10001 MEDIUM
WP-Stats < 2.52 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2015-8536 HIGH
Lenovo Solution Center <3.3.002 - CSRF
CVSS 8.8
CVE-2015-1583 HIGH
ATutor 2.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5686 HIGH
Puppet Enterprise Console 3.x - CSRF
CVSS 8.8
CVE-2015-5483 HIGH
Private Only plugin 3.5.1 for WordPress - CSRF
CVSS 8.8
CVE-2015-5595 MEDIUM
zenphoto < 1.4.9 - Cross-Site Request Forgery in admin.php
CVSS 6.5
CVE-2015-3140 HIGH
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-9498 HIGH
wps_hide_login < 1.1 - Cross-Site Request Forgery in Option Value Saving
CVSS 8.8
CVE-2015-9497 HIGH
Ad Inserter < 1.5.3 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Options Page
CVSS 8.8
CVE-2015-9455 HIGH
buddypress-activity-plus < 1.6.2 - Cross-Site Request Forgery via bpfb_remove_temp_images Action
CVSS 8.1
CVE-2015-9447 MEDIUM
unite_gallery_lite < 1.5 - Cross-Site Request Forgery and SQL Injection via Gallery ID Parameter
CVSS 6.5
CVE-2015-9445 HIGH
unite_gallery_lite < 1.5 - Cross-Site Request Forgery and SQL Injection via unitegallery_ajax_action
CVSS 8.8
CVE-2015-9443 MEDIUM
WP Accurate Form Data 1.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Options Page
CVSS 6.5
CVE-2015-9442 MEDIUM
avenirsoft directdownload 1.0 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Admin Page
CVSS 6.5
CVE-2015-9441 MEDIUM
bookmarkify 2.9.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Options Page
CVSS 6.5
CVE-2015-9440 MEDIUM
monetize < 1.03 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Admin Zone Creation
CVSS 6.5
CVE-2015-9437 MEDIUM
dynamic-widgets < 1.5.11 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Page Limit Parameter
CVSS 6.5
CVE-2015-9434 MEDIUM
kiwi-logo-carousel < 1.7.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Settings Tab Parameter
CVSS 6.5
CVE-2015-9433 MEDIUM
wp-social-bookmarking-light < 1.7.10 - CSRF with Resultant XSS via Configuration Parameters
CVSS 6.5
CVE-2015-9432 MEDIUM
alpine-photo-tile-for-instagram < 1.2.7.6 - CSRF with Resultant XSS via Settings Tab
CVSS 6.5
Details
Vulnerabilities 9,385
Exploit Likelihood Medium