CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,385 vulnerabilities with CWE-352
CVE-2015-9431 MEDIUM
qtranslate-x < 3.4.4 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via JSON Config Parameters
CVSS 6.5
CVE-2015-9429 MEDIUM
yith_maintenance_mode < 1.2.0 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via panel_page Parameter
CVSS 6.5
CVE-2015-9428 MEDIUM
WP Legal Pages < 1.1 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Admin Settings Parameters
CVSS 6.5
CVE-2015-9427 MEDIUM
googmonify < 0.5.1 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via PID or AID Parameter
CVSS 6.5
CVE-2015-9425 MEDIUM
Social Locker < 4.2.5 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via License Key Parameter
CVSS 5.4
CVE-2015-9424 MEDIUM
multicons < 3.0 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via global_url or admin_url Parameter
CVSS 6.5
CVE-2015-9422 MEDIUM
PlugNedit < 6.2.0 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Admin-AJAX Parameters
CVSS 6.5
CVE-2015-9421 MEDIUM
olevmedia_shortcodes < 1.1.9 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via id Parameter
CVSS 6.5
CVE-2015-9418 MEDIUM
Kibokolabs Watupro < 4.9.0.8 - CSRF
CVSS 4.3
CVE-2015-9417 MEDIUM
testimonial-slider < 1.2.1 - Cross-Site Request Forgery with Resultant Cross-Site Scripting
CVSS 6.5
CVE-2015-9413 MEDIUM
eshop < 6.3.13 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Title Parameter
CVSS 6.5
CVE-2015-9409 MEDIUM
alo-easymail < 2.6.01 - Cross-Site Request Forgery with Resultant Cross-Site Scripting
CVSS 6.5
CVE-2015-9408 MEDIUM
xpinner-lite < 2.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via Options Page
CVSS 6.5
CVE-2015-9394 HIGH
Users Ultra Membership < 1.5.63 - Cross-Site Request Forgery via action=package_add_new
CVSS 8.8
CVE-2015-9388 MEDIUM
mtouch_quiz < 3.1.3 - Cross-Site Request Forgery with Resultant Cross-Site Scripting via wp-admin/edit.php
CVSS 6.5
CVE-2015-9387 MEDIUM
mtouch_quiz < 3.1.3 - Cross-Site Request Forgery via wp-admin/options-general.php
CVSS 6.5
CVE-2015-9380 HIGH
10web Photo Gallery < 1.2.42 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-9343 HIGH
wp-rollback < 1.2.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-9332 MEDIUM
WordPress Uninstall Plugin < 1.2 - Cross-Site Request Forgery via admin-ajax.php
CVSS 6.5
CVE-2015-9322 HIGH
erident-custom-login-and-dashboard < 3.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-9309 HIGH
weplugins/wp_maps < 2.3.10 - Cross-Site Request Forgery in Add/Edit Category Feature
CVSS 8.8
CVE-2015-9308 HIGH
weplugins/wp_maps < 2.3.10 - Cross-Site Request Forgery in Add/Edit Map Feature
CVSS 8.8
CVE-2015-9307 HIGH
weplugins/wp_maps < 2.3.10 - Cross-Site Request Forgery in Add/Edit Location Feature
CVSS 8.8
CVE-2015-9292 HIGH
6kbbs 7.1 and 8.0 - Cross-Site Request Forgery via portalchannel_ajax.php or admin.php
CVSS 8.8
CVE-2015-9284 HIGH
omniauth < 2.0.0 - Cross-Site Request Forgery in Ruby on Rails Request Phase
CVSS 8.8
Details
Vulnerabilities 9,385
Exploit Likelihood Medium