CWE-352 Weakness

Filtered by CWE-352

Total 6247 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2015-1391	1 Hp	1 Airwave	2024-09-30	8.8 High
Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.
CVE-2023-49855	1 Binarycarpenter	1 Menu Bar Cart Icon For Woocommerce	2024-09-30	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.
CVE-2023-47787	1 Automattic	1 Woocommerce Bookings	2024-09-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3.
CVE-2023-49821	1 Livechat	1 Livechat	2024-09-30	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress.This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15.
CVE-2024-47315	1 Givewp	1 Givewp	2024-09-30	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1.
CVE-2023-23473	1 Ibm	1 Infosphere Information Server	2024-09-30	5.3 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.
CVE-2023-31174	1 Selinc	1 Sel-5037 Sel Grid Configurator	2024-09-30	7.4 High
A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
CVE-2023-35096	1 Mycred	1 Mycred	2024-09-30	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
CVE-2023-35880	1 Woocommerce	1 Brands	2024-09-30	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
CVE-2023-31216	1 Ultimatemember	1 Ultimate Member	2024-09-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.
CVE-2023-36511	1 Woocommerce	1 Woocommerce Order Barcodes	2024-09-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
CVE-2023-36513	1 Woocommerce	1 Automatewoo	2024-09-30	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
CVE-2023-36514	1 Woocommerce	1 Shipping Multiple Addresses	2024-09-30	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2022-47172	1 Hasthemes	1 Woolentor - Woocommerce Elementor Addons \+ Builder	2024-09-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.
CVE-2023-34005	1 Etoilewebdesign	1 Front End Users	2024-09-30	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.
CVE-2023-37974	1 Wp Social Autoconnect Project	1 Wp Social Autoconnect	2024-09-30	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.
CVE-2024-7862	2 Blogintroduction Wordpress Plugin, Kimhuebel	2 Blogintroduction Wordpress Plugin, Blogintroduction-wordpress-plugin	2024-09-30	4.3 Medium
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-3083	1 Proges	2 Sensor Net Connect Firmware V2, Sensor Net Connect V2	2024-09-30	8.3 High
A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page.
CVE-2024-8044	2 Rubayathasan, Wordpress Plugin	2 Infolinks Ad Wrap, Infolinks Ad Wrap	2024-09-30	5.7 Medium
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2023-37985	1 Fivestarplugins	1 Five Star Restaurant Menu	2024-09-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions.

« first previous Page 20 of 313. next last »