CWE-352 Weakness

Filtered by CWE-352

Total 6248 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-38381	1 Wp-flybox Project	1 Wp-flybox	2024-09-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions.
CVE-2022-46841	1 Soflyy	1 Oxygen	2024-09-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.
CVE-2023-40210	1 Sean-barton	1 Sb Child List	2024-09-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.
CVE-2023-40202	1 Codemiq	1 Wp Html Mail	2024-09-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.
CVE-2023-40201	1 Futuriowp	1 Futurio Extra	2024-09-20	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.
CVE-2023-40198	1 Antsanchez	1 Easy Cookie Law	2024-09-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.
CVE-2023-40199	1 Crudlab	1 Wp Like Button	2024-09-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.
CVE-2023-40212	1 Multidots	1 Product Attachment For Woocommerce	2024-09-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.
CVE-2023-39159	1 Multidots	1 Fraud Prevention For Woocommerce	2024-09-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.
CVE-2023-41693	1 Plainviewplugins	1 Mycryptocheckout	2024-09-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.
CVE-2023-41244	1 Buildfail	1 Localize Remote Images	2024-09-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.
CVE-2023-39158	1 Multidots	1 Banner Management For Woocommerce	2024-09-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.
CVE-2024-46362	1 Frogcms Project	1 Frogcms	2024-09-20	8.8 High
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory
CVE-2024-46085	1 Frogcms Project	1 Frogcms	2024-09-20	8.8 High
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename
CVE-2023-39923	1 Radiustheme	1 The Post Grid	2024-09-19	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.
CVE-2023-39165	1 Fetchdesigns	1 Sign-up Sheets	2024-09-19	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions.
CVE-2023-39917	1 Ays-pro	1 Photo Gallery	2024-09-19	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
CVE-2023-39989	1 Draftpress	1 Header Footer Code Manager	2024-09-19	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.
CVE-2024-6862	2 Lunary, Lunary-ai	2 Lunary, Lunary-ai\/lunary	2024-09-19	8.1 High
A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with local access. The main attack vector is for instances hosted locally on personal machines, which are not publicly accessible. The CORS settings in the backend permit all origins, exposing unauthenticated endpoints to CSRF attacks.
CVE-2023-45374	1 Mediawiki	1 Mediawiki	2024-09-19	5.3 Medium
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.

« first previous Page 25 of 313. next last »