Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,344 vulnerabilities with CWE-352

CVE-2024-49794 MEDIUM

IBM ApplinX 11.1 - Cross-Site Request Forgery

CVE-2024-35138 MEDIUM

IBM Security Verify Access 10.0.0-10.0.8 - Cross-Site Request Forgery

CVE-2024-13510 MEDIUM

ShopSite <= 1.5.10 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-13356 MEDIUM

DSGVO All in one for WP <4.6 - CSRF

CVE-2024-13115 MEDIUM

WP Projects Portfolio with Client Testimonials <3.0 - CSRF

CVE-2024-56903 HIGH

Geovision GV-ASWeb <= 6.1.1.0 - Cross-Site Request Forgery via POST to GET Method Conversion

CVE-2024-56901 HIGH

Geovision GV-ASWeb <=6.1.1.0 - CSRF

CVE-2024-13096 MEDIUM

WP Finance WordPress Plugin < 1.3.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-1211 MEDIUM

GitLab 10.6-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Cross-Site Request Forgery via JWT OmniAuth Provider

CVE-2024-13720 HIGH

WP Image Uploader <= 1.0.1 - Unauthenticated Arbitrary File Deletion via gky_image_uploader_main_function

CVE-2024-13707 HIGH

WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery via gky_image_uploader_main_function

CVE-2024-13512 MEDIUM

Wonder FontAwesome < 0.8 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-13758 MEDIUM

CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery via cp_contact_form_paypal_check_init_actions()

CVE-2024-12709 MEDIUM

Bulk Me Now! < 2.0 - Cross-Site Request Forgery

CVE-2024-54851 HIGH

Teedy <= 1.12 - Cross-Site Request Forgery

CVE-2024-13521 MEDIUM

MailUp Auto Subscription <1.1.0 - CSRF

CVE-2024-57373 HIGH

LifestyleStore 1.0 - Cross-Site Request Forgery

CVE-2024-48418 HIGH

Edimax BR-6476AC 1.06 - OS Command Injection via DDNS Configuration

CVE-2024-13057 HIGH

Dyn Business Panel <= 1.0.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-12774 MEDIUM

Altra Side Menu < 2.0 - Cross-Site Request Forgery via Menu Deletion

CVE-2024-12436 MEDIUM

WP Customer Area < 8.2.4 - Cross-Site Request Forgery

CVE-2024-12280 MEDIUM

WP Customer Area < 8.2.4 - Cross-Site Request Forgery via Log Deletion

CVE-2024-11641 HIGH

VikBooking Hotel Booking Engine & PMS <1.7.2 - CSRF

CVE-2024-13709 MEDIUM

Linear <= 2.8.1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-13683 MEDIUM

Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery via Missing Nonce Validation

Previous Page 92 of 374 Next

Details

Vulnerabilities 9,344

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy