CWE-352 — Cross-Site Request Forgery (CSRF)
8,631 active CVEs are classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-352 (page 24 of 173)
- CVE-2017-18544 | HIGH | CVSS 8.8 | EG 8.8 | 2019-08-16
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
- CVE-2017-18546 | HIGH | CVSS 8.8 | EG 8.8 | 2019-08-16
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
- CVE-2017-18547 | HIGH | CVSS 8.8 | EG 8.8 | 2019-08-16
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
- CVE-2017-18569 | HIGH | CVSS 8.8 | EG 8.8 | 2019-08-20
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
- CVE-2017-18607 | HIGH | CVSS 8.8 | EG 8.8 | 2019-09-10
The avada theme before 5.1.5 for WordPress has CSRF.
- CVE-2017-18703 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-24
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 befo…
- CVE-2017-18708 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-24
Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.
- CVE-2017-18742 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-23
Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1…
- CVE-2017-18749 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-23
Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 …
- CVE-2017-18755 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-22
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1…
- CVE-2017-18768 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-22
Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before …
- CVE-2017-18775 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-22
Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before …
- CVE-2017-18781 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-22
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 b…
- CVE-2017-18782 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-22
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 b…
- CVE-2017-18791 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-21
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.…
- CVE-2017-18842 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-20
Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.
- CVE-2017-18848 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-20
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.
- CVE-2017-18852 | HIGH | CVSS 8.8 | EG 8.8 | 2020-04-20
Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.
- CVE-2017-18861 | HIGH | CVSS 8.0 | EG 8.0 | 2020-04-28
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
- CVE-2017-18903 | HIGH | CVSS 8.8 | EG 8.8 | 2020-06-19
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
- CVE-2017-20020 | MEDIUM | CVSS 5.3 | EG 8.8 | 2022-06-09
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launc…
- CVE-2017-20045 | HIGH | CVSS 7.3 | EG 8.8 | 2022-06-13
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has…
- CVE-2017-20053 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-06-16
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be l…
- CVE-2017-20062 | MEDIUM | CVSS 5.0 | EG 5.0 | 2022-06-20
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been …
- CVE-2017-20065 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-06-20
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit ha…
- CVE-2017-20088 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-06-23
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
- CVE-2017-20090 | MEDIUM | CVSS 4.3 | EG 8.8 | 2022-06-23
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.
- CVE-2017-20091 | MEDIUM | CVSS 4.3 | EG 6.5 | 2022-06-23
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.
- CVE-2017-20093 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-06-24
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
- CVE-2017-20120 | MEDIUM | CVSS 4.3 | EG 8.8 | 2022-06-29
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remot…
- CVE-2017-2613 | MEDIUM | CVSS 5.4 | EG 5.4 | 2018-05-15
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large numbe…
- CVE-2017-3187 | HIGH | CVSS 8.8 | EG 8.8 | 2018-07-24
The dotCMS administration panel, versions 3.7.1 and earlier, is vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the …
- CVE-2017-3965 | HIGH | CVSS 8.8 | EG 8.8 | 2018-04-04
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal syste…
- CVE-2017-4951 | HIGH | CVSS 8.8 | EG 8.8 | 2018-01-29
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious applic…
- CVE-2017-5394 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-11
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other…
- CVE-2017-5781 | HIGH | CVSS 8.8 | EG 8.8 | 2018-02-15
A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found.
- CVE-2017-5796 | HIGH | CVSS 8.8 | EG 8.8 | 2018-02-15
A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found.
- CVE-2017-7635 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-05
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
- CVE-2017-7641 | HIGH | CVSS 8.8 | EG 8.8 | 2018-03-08
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.
- CVE-2017-7906 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-06
In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.
- CVE-2017-8328 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the …
- CVE-2017-8334 | HIGH | CVSS 8.0 | EG 8.0 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does n…
- CVE-2017-8406 | HIGH | CVSS 8.8 | EG 8.8 | 2019-07-02
An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows a hosted flash file on any domain to make calls to the device's webserver and…
- CVE-2017-8407 | HIGH | CVSS 8.8 | EG 8.8 | 2019-07-02
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request…
- CVE-2017-9381 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-17
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not…
- CVE-2017-9414 | HIGH | CVSS 8.8 | EG 8.8 | 2018-02-05
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks …
- CVE-2017-9641 | HIGH | CVSS 8.8 | EG 8.8 | 2018-05-25
PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.
- CVE-2017-9963 | HIGH | CVSS 8.1 | EG 8.1 | 2018-02-12
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for mul…
- CVE-2018-0107 | HIGH | CVSS 8.8 | EG 8.8 | 2018-01-18
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) …
- CVE-2018-0146 | MEDIUM | CVSS 5.4 | EG 5.4 | 2018-02-22
A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to improper CSRF…