CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,363 vulnerabilities with CWE-352
CVE-2022-46867 MEDIUM
Chasil Universal Star Rating <2.1.0 - CSRF
CVSS 4.3
CVE-2022-46854 MEDIUM
Obox Launchpad - Coming Soon & Maintenance Mode Plugin <= 1.0.13 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-38063 MEDIUM
Social Login WP < 5.0.0.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-47427 MEDIUM
My Calendar <= 3.3.24.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-47443 MEDIUM
Daniel Powney Multi Rating <= 5.0.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-47422 MEDIUM
Accept Stripe Donation - AidWP < 3.1.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-47147 MEDIUM
Kesz1 Technologies ipBlockList <= 1.0 - CSRF
CVSS 5.4
CVE-2022-47143 MEDIUM
Themeisle Multiple Page Generator Plugin - MPG <= 3.3.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-47141 MEDIUM
Seerox WP Dynamic Keywords Injector <= 2.3.15 - CSRF
CVSS 5.4
CVE-2022-47154 MEDIUM
Pi Websolution CSS JS Manager <= 2.4.49 - CSRF
CVSS 4.3
CVE-2022-47163 LOW
WP CSV to Database < 2.6 - Cross-Site Request Forgery
CVSS 3.1
CVE-2022-47162 MEDIUM
Dannie Herdyawan DH - Anti AdBlocker <= 36 - CSRF
CVSS 4.3
CVE-2022-47155 MEDIUM
Supsystic Slider by Supsystic <= 1.8.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-47440 MEDIUM
Joseph C Dolson My Tickets <= 1.9.10 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-47166 MEDIUM
Void Contact Form 7 Widget For Elementor Page Builder <= 2.1.1 - CSRF
CVSS 4.3
CVE-2022-4265 HIGH
Replyable < 2.2.10 - Authenticated Object Injection and Cross-Site Request Forgery via Prompt Dismiss Notice
CVSS 8.8
CVE-2022-48309 MEDIUM
Sophos Connect < 2.2.90 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-47148 MEDIUM
WP Overnight PDF Invoices & Packing Slips for WooCommerce <= 3.2.5 ...
CVSS 4.3
CVE-2022-46806 MEDIUM
VillaTheme Cart All In One For WooCommerce <= 1.1.10 - CSRF
CVSS 5.4
CVE-2022-46805 MEDIUM
WP Trio Conditional Shipping <2.3.1 - CSRF
CVSS 5.4
CVE-2022-46798 MEDIUM
HasThemes ShopLentor <= 2.5.1 - CSRF
CVSS 5.4
CVE-2022-46797 MEDIUM
Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 - CSRF
CVSS 5.4
CVE-2022-45804 MEDIUM
RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-45068 MEDIUM
Mercado Pago payments for WooCommerce <= 6.3.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-40198 MEDIUM
StandaloneTech TeraWallet - For WooCommerce <= 1.3.24 - Cross-Site Request Forgery
CVSS 4.3
Details
Vulnerabilities 9,363
Exploit Likelihood Medium