CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,363 vulnerabilities with CWE-352
CVE-2022-4849
MEDIUM
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-4846
MEDIUM
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-4845
MEDIUM
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-4844
HIGH
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-4766
MEDIUM
dolibarr_project_timesheet < 4.5.6 - Cross-Site Request Forgery in Form Handler
CVSS 4.3
CVE-2022-46491
MEDIUM
nbnbk - Cross-Site Request Forgery in Add Administrator Function
CVSS 6.5
CVE-2022-4646
MEDIUM
rdiffweb < 2.5.4 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-4633
MEDIUM
Auto Upload Images < 3.3.1 - Cross-Site Request Forgery in Settings Handler
CVSS 4.3
CVE-2022-4125
MEDIUM
Popup Manager < 1.6.6 - Unauthenticated Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2022-4124
MEDIUM
Popup Manager < 1.6.6 - Unauthenticated Popup Deletion via Missing Authorization
CVSS 4.3
CVE-2022-4024
MEDIUM
Registration Forms WP <3.8.1.3 - CSRF
CVSS 6.5
CVE-2022-4604
MEDIUM
wp-english-wp-admin < 1.5.2 - Cross-Site Request Forgery in register_endpoints Function
CVSS 4.3
CVE-2022-4564
MEDIUM
University of Central Florida Materia <9.0.0 - CSRF
CVSS 4.3
CVE-2022-3427
HIGH
Corner Ad < 1.0.56 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 8.8
CVE-2022-46074
HIGH
Helmet Store Showroom 1.0 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2022-46062
MEDIUM
Gym Management System <0.0.1 - CSRF
CVSS 4.5
CVE-2022-46059
MEDIUM
AeroCMS v0.0.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-41263
MEDIUM
SAP Business Objects <430 - Auth Bypass
CVSS 4.3
CVE-2022-3999
HIGH
DPD Baltic Shipping WordPress Plugin < 1.2.57 - Authenticated Arbitrary Option Deletion via AJAX Action
CVSS 8.1
CVE-2022-3946
MEDIUM
Welcart e-Commerce < 2.8.4 - Authenticated Missing Authorization in AJAX Shipping Method Management
CVSS 6.5
CVE-2022-3883
MEDIUM
stopbadbots < 7.24 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 6.5
CVE-2022-3882
MEDIUM
wp-memory < 2.46 - Authenticated Arbitrary Plugin Installation via CSRF
CVSS 6.5
CVE-2022-3881
MEDIUM
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascri...
CVSS 5.7
CVE-2022-3880
MEDIUM
antihacker < 4.20 - Authenticated Plugin Installation via AJAX Action
CVSS 6.5
CVE-2022-3879
MEDIUM
Car Dealer WordPress Plugin < 3.05 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 6.5