CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,363 vulnerabilities with CWE-352
CVE-2022-4849 MEDIUM
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-4846 MEDIUM
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-4845 MEDIUM
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-4844 HIGH
memos < 0.9.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-4766 MEDIUM
dolibarr_project_timesheet < 4.5.6 - Cross-Site Request Forgery in Form Handler
CVSS 4.3
CVE-2022-46491 MEDIUM
nbnbk - Cross-Site Request Forgery in Add Administrator Function
CVSS 6.5
CVE-2022-4646 MEDIUM
rdiffweb < 2.5.4 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-4633 MEDIUM
Auto Upload Images < 3.3.1 - Cross-Site Request Forgery in Settings Handler
CVSS 4.3
CVE-2022-4125 MEDIUM
Popup Manager < 1.6.6 - Unauthenticated Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2022-4124 MEDIUM
Popup Manager < 1.6.6 - Unauthenticated Popup Deletion via Missing Authorization
CVSS 4.3
CVE-2022-4024 MEDIUM
Registration Forms WP <3.8.1.3 - CSRF
CVSS 6.5
CVE-2022-4604 MEDIUM
wp-english-wp-admin < 1.5.2 - Cross-Site Request Forgery in register_endpoints Function
CVSS 4.3
CVE-2022-4564 MEDIUM
University of Central Florida Materia <9.0.0 - CSRF
CVSS 4.3
CVE-2022-3427 HIGH
Corner Ad < 1.0.56 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 8.8
CVE-2022-46074 HIGH
Helmet Store Showroom 1.0 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2022-46062 MEDIUM
Gym Management System <0.0.1 - CSRF
CVSS 4.5
CVE-2022-46059 MEDIUM
AeroCMS v0.0.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-41263 MEDIUM
SAP Business Objects <430 - Auth Bypass
CVSS 4.3
CVE-2022-3999 HIGH
DPD Baltic Shipping WordPress Plugin < 1.2.57 - Authenticated Arbitrary Option Deletion via AJAX Action
CVSS 8.1
CVE-2022-3946 MEDIUM
Welcart e-Commerce < 2.8.4 - Authenticated Missing Authorization in AJAX Shipping Method Management
CVSS 6.5
CVE-2022-3883 MEDIUM
stopbadbots < 7.24 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 6.5
CVE-2022-3882 MEDIUM
wp-memory < 2.46 - Authenticated Arbitrary Plugin Installation via CSRF
CVSS 6.5
CVE-2022-3881 MEDIUM
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascri...
CVSS 5.7
CVE-2022-3880 MEDIUM
antihacker < 4.20 - Authenticated Plugin Installation via AJAX Action
CVSS 6.5
CVE-2022-3879 MEDIUM
Car Dealer WordPress Plugin < 3.05 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 6.5