CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,836 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 24 of 177
- CVE-2017-18512HIGHCVSS 8.8EG 8.82019-08-14
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
- CVE-2017-18513HIGHCVSS 8.8EG 8.82019-08-14
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
- CVE-2017-18521HIGHCVSS 8.8EG 8.82019-08-21
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
- CVE-2017-18523HIGHCVSS 8.8EG 8.82019-08-20
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
- CVE-2017-18544HIGHCVSS 8.8EG 8.82019-08-16
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
- CVE-2017-18546HIGHCVSS 8.8EG 8.82019-08-16
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
- CVE-2017-18547HIGHCVSS 8.8EG 8.82019-08-16
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
- CVE-2017-18569HIGHCVSS 8.8EG 8.82019-08-20
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
- CVE-2017-18607HIGHCVSS 8.8EG 8.82019-09-10
The avada theme before 5.1.5 for WordPress has CSRF.
- CVE-2017-18703HIGHCVSS 8.8EG 8.82020-04-24
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 befo…
- CVE-2017-18708HIGHCVSS 8.8EG 8.82020-04-24
Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.
- CVE-2017-18742HIGHCVSS 8.8EG 8.82020-04-23
Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1…
- CVE-2017-18749HIGHCVSS 8.8EG 8.82020-04-23
Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 …
- CVE-2017-18755HIGHCVSS 8.8EG 8.82020-04-22
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1…
- CVE-2017-18768HIGHCVSS 8.8EG 8.82020-04-22
Certain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before …
- CVE-2017-18775HIGHCVSS 8.8EG 8.82020-04-22
Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before …
- CVE-2017-18781HIGHCVSS 8.8EG 8.82020-04-22
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 b…
- CVE-2017-18782HIGHCVSS 8.8EG 8.82020-04-22
Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 b…
- CVE-2017-18791HIGHCVSS 8.8EG 8.82020-04-21
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.…
- CVE-2017-18842HIGHCVSS 8.8EG 8.82020-04-20
Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.
- CVE-2017-18848HIGHCVSS 8.8EG 8.82020-04-20
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.
- CVE-2017-18852HIGHCVSS 8.8EG 8.82020-04-20
Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.
- CVE-2017-18861HIGHCVSS 8.0EG 8.02020-04-28
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
- CVE-2017-18903HIGHCVSS 8.8EG 8.82020-06-19
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
- CVE-2017-20020MEDIUMCVSS 5.3EG 8.82022-06-09
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launc…
- CVE-2017-20045HIGHCVSS 7.3EG 8.82022-06-13
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has…
- CVE-2017-20053MEDIUMCVSS 4.3EG 4.32022-06-16
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be l…
- CVE-2017-20062MEDIUMCVSS 5.0EG 5.02022-06-20
A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been …
- CVE-2017-20065MEDIUMCVSS 4.3EG 4.32022-06-20
A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit ha…
- CVE-2017-20088MEDIUMCVSS 4.3EG 4.32022-06-23
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
- CVE-2017-20090MEDIUMCVSS 4.3EG 8.82022-06-23
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.
- CVE-2017-20091MEDIUMCVSS 4.3EG 6.52022-06-23
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.
- CVE-2017-20093MEDIUMCVSS 4.3EG 4.32022-06-24
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
- CVE-2017-20120MEDIUMCVSS 4.3EG 8.82022-06-29
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remot…
- CVE-2017-20221MEDIUMCVSS 4.3EG 4.32026-03-16
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft ma…
- CVE-2017-2613MEDIUMCVSS 5.4EG 5.42018-05-15
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large numbe…
- CVE-2017-3187HIGHCVSS 8.8EG 8.82018-07-24
The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. The dotCMS administrator panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the …
- CVE-2017-3965HIGHCVSS 8.8EG 8.82018-04-04
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal syste…
- CVE-2017-4951HIGHCVSS 8.8EG 8.82018-01-29
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious applic…
- CVE-2017-5394HIGHCVSS 8.8EG 8.82018-06-11
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other…
- CVE-2017-5781HIGHCVSS 8.8EG 8.82018-02-15
A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found.
- CVE-2017-5796HIGHCVSS 8.8EG 8.82018-02-15
A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found.
- CVE-2017-7635HIGHCVSS 8.8EG 8.82018-06-05
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
- CVE-2017-7641HIGHCVSS 8.8EG 8.82018-03-08
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.
- CVE-2017-7906HIGHCVSS 8.8EG 8.82018-06-06
In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.
- CVE-2017-8328HIGHCVSS 8.8EG 8.82019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the …
- CVE-2017-8334HIGHCVSS 8.0EG 8.02019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does n…
- CVE-2017-8406HIGHCVSS 8.8EG 8.82019-07-02
An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and…
- CVE-2017-8407HIGHCVSS 8.8EG 8.82019-07-02
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request…
- CVE-2017-9381HIGHCVSS 8.8EG 8.82019-06-17
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not…
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →