CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,337 vulnerabilities with CWE-352
CVE-2024-53946 (HIGH, CVSS 8.8): KuWFi 4G LTE AC900 router 1.0.13 - CSRF
CVE-2024-4994 (HIGH, CVSS 8.1): GitLab CE/EE <16.11.5 & <17.0.3 & <17.1.1 - CSRF
CVE-2024-54172 (MEDIUM, CVSS 4.3): IBM Sterling B2B Integrator & File Gateway <6.1.2.6, <6.2.0.4 - CSRF
CVE-2024-12224 (HIGH, CVSS 8.8): servo/idna < 1.0.0 - Improper Validation of Unsafe Equivalence in Punycode
CVE-2024-9711 (MEDIUM, CVSS 5.4): EKC Tournament Manager < 2.2.2 - Cross-Site Request Forgery in Settings Update
CVE-2024-9709 (MEDIUM, CVSS 5.4): EKC Tournament Manager < 2.2.2 - Cross-Site Request Forgery in Settings Update
CVE-2024-9450 (MEDIUM, CVSS 6.5): easync < 1.3.15 - Cross-Site Request Forgery in Settings Update
CVE-2024-9233 (MEDIUM, CVSS 4.3): Logo Slider < 3.7.1 - Cross-Site Request Forgery in Settings Update
CVE-2024-8398 (MEDIUM, CVSS 4.3): Simple Nav Archives < 2.1.3 - Cross-Site Request Forgery in Settings Update
CVE-2024-8286 (MEDIUM, CVSS 6.5): webtoffee/gdpr_cookie_consent < 2.6.1 - Cross-Site Request Forgery via Bulk Actions
CVE-2024-8245 (MEDIUM, CVSS 4.3): GamiPress - Reset User < 1.0.1 - Cross-Site Request Forgery in Settings Update
CVE-2024-8094 (MEDIUM, CVSS 6.5): Ntz Antispam WordPress Plugin < 2.0e - Cross-Site Request Forgery in Settings Update
CVE-2024-8090 (MEDIUM, CVSS 6.1): JavaScript Logic WordPress Plugin <= 0.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVE-2024-8085 (MEDIUM, CVSS 6.1): PeoplePond < 1.1.9 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVE-2024-8082 (MEDIUM, CVSS 4.3): Widgets Reset < 0.1 - Cross-Site Request Forgery in Settings Update
CVE-2024-8050 (MEDIUM, CVSS 4.3): Custom Author Base WP <1.1.1 - CSRF
CVE-2024-8032 (MEDIUM, CVSS 6.1): Smooth Gallery Replacement <1.0 - XSS
CVE-2024-7984 (MEDIUM, CVSS 4.3): Joy Of Text Lite < 2.3.1 - Cross-Site Request Forgery in Settings Update
CVE-2024-6719 (HIGH, CVSS 8.1): Offload Videos < 1.0.1 - Cross-Site Request Forgery in Settings Update
CVE-2024-12750 (MEDIUM, CVSS 4.3): Competition Form < 2.0 - Cross-Site Request Forgery in Settings Update
CVE-2024-12301 (MEDIUM, CVSS 6.5): JSP Store Locator < 1.0 - Cross-Site Request Forgery
CVE-2024-12282 (MEDIUM, CVSS 6.1): wp-connect < 2.5.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVE-2024-11719 (MEDIUM, CVSS 6.1): tarteaucitron-wp < 0.3.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVE-2024-11373 (MEDIUM, CVSS 4.3): Connexion Logs < 3.0.2 - Cross-Site Request Forgery in Settings Update
CVE-2024-10677 (MEDIUM, CVSS 4.3): Bluetrait Blue Trait Event Viewer < 2.0.2 - CSRF