CWE-352

9,349 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CVEs (9,349)

| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|
| Unitegallery | Unite Gallery Lite | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. |
| Unitegallery | Unite Gallery Lite | Nov 21, 2024 | Sep 26, 2019 | N/A | 8.8 HIGH | 6.8 MEDIUM | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. |
| Wp Accurate Form Data Project | Wp Accurate Form Data | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The accurate-form-data-real-time-form-validation plugin 1.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=Accu_Data_WP. |
| Avenirsoft | Directdownload | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=avenir_plugin. |
| Bookmarkify Project | Bookmarkify | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=bookmarkify.php. |
| Monetize Project | Monetize | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The monetize plugin through 1.03 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=monetize-zones-new. |
| Vivwebsolutions | Dynamic Widgets | Nov 27, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config page_limit parameter. |
| Kiwi Logo Carousel Project | Kiwi Logo Carousel | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or tab_flags_order parameter. |
| Wp Social Bookmarking Light Project | Wp Social Bookmarking Light | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php. |
| Thealpinepress | Alpine Photo Tile For Instagram | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter. |
| Qtranslate X Project | Qtranslate X | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x json_config_files or json_custom_i18n_config parameter. |
| Yithemes | Yith Maintenance Mode | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. |
| Wplegalpages | Wp Legal Pages | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The wplegalpages plugin before 1.1 for WordPress has CSRF with resultant XSS via wp-admin/admin.php?page=legal-pages lp-domain-name, lp-business-name, lp-phone, lp-street, lp-city-state, lp-country, lp-email, lp-address, or lp-niche parameters. |
| Googmonify Project | Googmonify | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The googmonify plugin through 0.5.1 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=googmonify.php PID or AID parameter. |
| Byonepress | Social Locker | Nov 21, 2024 | Sep 26, 2019 | N/A | 5.4 MEDIUM | 4.3 MEDIUM | The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. |
| Doc4design | Multicons | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php global_url or admin_url parameter. |
| Simplysymphony | Plugnedit | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load plugnedit_width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters. |
| Olevmedia | Olevmedia Shortcodes | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter. |
| Kibokolabs | Watupro | Nov 21, 2024 | Sep 26, 2019 | N/A | 4.3 MEDIUM | 5.8 MEDIUM | The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes. |
| Slidervilla | Testimonial Slider | Nov 21, 2024 | Sep 26, 2019 | N/A | 6.5 MEDIUM | 4.3 MEDIUM | The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. |