CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,363 vulnerabilities with CWE-352
CVE-2022-47611 MEDIUM
Hover Image < 1.4.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-47183 MEDIUM
StylistWP Extra Block Design - CSRF
CVSS 5.4
CVE-2022-47167 MEDIUM
Aram Kocharyan Crayon Syntax Highlighter <= 2.8.4 - CSRF
CVSS 5.4
CVE-2022-45376 MEDIUM
XootiX Side Cart Woocommerce (Ajax) < 2.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-45079 MEDIUM
Loginizer <= 1.7.5 - Cross-Site Request Forgery
CVSS 4.7
CVE-2022-45076 MEDIUM
Flexible Elementor Panel <= 2.3.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-44739 MEDIUM
Quick Restaurant Reservations <= 1.5.4 - Cross-Site Request Forgery
CVSS 5.3
CVE-2022-41608 MEDIUM
Thomas Belser Asgaros Forum <= 2.2.0 - CSRF
CVSS 5.4
CVE-2022-47609 MEDIUM
Nicearma DNUI < 2.8.1 - Cross-Site Request Forgery
CVSS 6.3
CVE-2022-47142 MEDIUM
Plugincraft Mediamatic - Media Library Folders <= 2.8.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-47134 MEDIUM
Bill Erickson Gallery Metabox < 1.5 - CSRF
CVSS 4.3
CVE-2022-45846 MEDIUM
Image Map Pro for WordPress - Interactive SVG Image Map Builder < 5.6.9 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-40724 MEDIUM
PingFederate 10.3.0-10.3.10 - Cross-Site Request Forgery via Local Identity Profiles Endpoint
CVSS 6.4
CVE-2022-45080 MEDIUM
KrishaWeb Add Multiple Marker <= 1.2 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-45074 MEDIUM
Activity Reactions For Buddypress <= 1.0.22 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-4944 MEDIUM
kodcloud kodexplorer < 4.49 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-46793 MEDIUM
AdTribes.Io Product Feed PRO for WooCommerce <= 12.4.4 - CSRF
CVSS 5.4
CVE-2022-4941 MEDIUM
WCFM Membership < 2.9.10 - Cross-Site Request Forgery via Missing Nonce Checks
CVSS 6.3
CVE-2022-4938 MEDIUM
WCFM Frontend Manager for WooCommerce <= 6.6.0 - Cross-Site Request Forgery via Missing Nonce Checks
CVSS 6.3
CVE-2022-4936 MEDIUM
WCFM Marketplace < 3.4.12 - Cross-Site Request Forgery via Missing Nonce Checks
CVSS 6.3
CVE-2022-41633 MEDIUM
PeepSo < 6.0.3.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-42447 CRITICAL
HCL Compass 2.0.0-2.0.2 - Cross-Origin Resource Sharing Misconfiguration
CVSS 9.6
CVE-2022-38077 MEDIUM
Popup Anything - A Marketing Popup and Lead Generation Conversions <= 2.2.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-30705 MEDIUM
Pankaj Jha WordPress Ping Optimizer <= 2.35.1.2.3 - CSRF
CVSS 5.4
CVE-2022-4148 MEDIUM
dash10 oauth_server < 4.3.0 - Authenticated Arbitrary Client Deletion via CSRF
CVSS 4.3