CWE-352 Weakness

Filtered by CWE-352

Total 6248 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-43148	1 Spa-cart	1 Spa-cart	2024-09-18	8.1 High
SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.
CVE-2023-43149	1 Spa-cart	1 Spa-cart	2024-09-18	8.8 High
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.
CVE-2023-7045	1 Gitlab	1 Gitlab	2024-09-18	5.4 Medium
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS).
CVE-2024-8120	1 Imagerecycle	1 Imagerecycle Pdf \& Image Compression	2024-09-17	4.7 Medium
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for unauthenticated attackers to update plugin settings along with performing other actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-41684	1 Felixwelberg	1 Sis Handball	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions.
CVE-2023-41697	1 Nikunjsoni	1 Easy Wp Cleaner	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions.
CVE-2023-41730	1 Pressified	1 Sendpress	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.
CVE-2023-41850	1 Sparro	1 Outbound Link Manager	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.
CVE-2023-41851	1 Dotsquares	1 Wp Custom Post Template	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.
CVE-2023-41852	1 Mailmunch	1 Mailmunch	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.
CVE-2023-41853	1 Wpicalavailability	1 Wp Ical Availability	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.
CVE-2023-41854	1 Wpcentral	1 Wpcentral	2024-09-17	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.
CVE-2023-41858	1 Tychesoftwares	1 Order Delivery Date For Woocommerce	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.
CVE-2023-41876	1 Wp Gallery Metabox Project	1 Wp Gallery Metabox	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.
CVE-2023-44257	1 Mangboard	1 Mang Board	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions.
CVE-2023-44259	1 Mediavine	1 Mediavine Control Panel	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions.
CVE-2023-44261	1 Dineshkarki	1 Block Plugin Update	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.
CVE-2023-45103	1 Yasglobalizer	1 Permalinks Customizer	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
CVE-2023-45106	1 Urvanov	1 Urvanov Syntax Highlighter	2024-09-17	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.
CVE-2024-43255	1 Stormhillmedia	1 Mybook Table Bookstore	2024-09-17	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS).This issue affects MyBookTable Bookstore: from n/a through 3.3.9.

« first previous Page 29 of 313. next last »