CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,386 vulnerabilities with CWE-352
CVE-2014-9276
MediaWiki <1.19.22, 1.20.x-1.22.x before 1.22.14, 1.23.x before 1.2...
CVE-2014-9460
WP-ViperGB < 1.3.10 - Cross-Site Request Forgery and Cross-Site Scripting
CVE-2014-9459
e107 2.0 alpha2 - Cross-Site Request Forgery via AdminObserver Function
CVE-2014-9454
WordPress Simple Sticky Footer <1.3.3 - CSRF
CVE-2014-9441
Lightbox Photo Gallery 1.0 - Cross-Site Request Forgery via Plugin Settings
CVE-2014-9438
vBulletin 4.2.2 - Cross-Site Request Forgery in Moderator Control Panel
CVE-2014-9437
Sliding Social Icons 1.61 - Cross-Site Request Forgery
CVE-2014-9431
Smoothwall Express <3.1,3.0 SP3 - CSRF
CVE-2014-8144
doorkeeper < 1.4.1 - Cross-Site Request Forgery
CVE-2014-9401
WP Limit Posts Automatically <0.7 - CSRF
CVE-2014-9400
Wp Unique Article Header Image <1.0 - CSRF
CVE-2014-9399
TweetScribe < 1.1 - Cross-Site Request Forgery via tweetscribe_username Parameter
CVE-2014-9398
Twitter LiveBlog plugin <1.1.2 - CSRF
CVE-2014-9397
twimp-wp < 0.1 - Cross-Site Request Forgery via message_format Parameter
CVE-2014-9396
simpleflickr < 3.0.3 - Cross-Site Request Forgery
CVE-2014-9395
Simplelife < 1.2 - Cross-Site Request Forgery via simplehoverback Parameter
CVE-2014-9394
PWGRandom < 1.11 - Cross-Site Request Forgery via pwgrandom_title or pwgrandom_category Parameter
CVE-2014-9393
Post to Twitter < 0.7 - Cross-Site Request Forgery via idptt_twitter_username or idptt_tweet_prefix Parameter
CVE-2014-9392
PictoBrowser < 0.3.1 - Cross-Site Request Forgery via Flickr User Parameter
CVE-2014-9391
gSlideShow < 0.1 - Cross-Site Request Forgery via RSS Display Time or Transition Time Parameter
CVE-2014-6168
IBM Security Identity Manager 5.1 - Authenticated Cross-Site Request Forgery
CVE-2014-9414
W3 Total Cache < 0.9.4 - Cross-Site Request Forgery via Empty Nonce
CVE-2014-9413
IP Ban 1.2.3 - Cross-Site Request Forgery via ip_list, user_agent_list, or redirect_url Parameter
CVE-2014-9334
Bird Feeder 1.2.3 - Cross-Site Request Forgery
CVE-2014-6187
IBM WebSphere Service Registry and Repository CSRF (6.3.x-6.3.0.5, 7.0.x-7.0.0.5, 7.5.x-7.5.0.3, 8.0.x-8.0.0.2)
Details
Vulnerabilities 9,386
Exploit Likelihood Medium