CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2022-41263
MEDIUM
SAP Business Objects <430 - Auth Bypass
CVSS 4.3
CVE-2022-3999
HIGH
DPD Baltic Shipping WordPress Plugin < 1.2.57 - Authenticated Arbitrary Option Deletion via AJAX Action
CVSS 8.1
CVE-2022-3946
MEDIUM
Welcart e-Commerce < 2.8.4 - Authenticated Missing Authorization in AJAX Shipping Method Management
CVSS 6.5
CVE-2022-3883
MEDIUM
stopbadbots < 7.24 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 6.5
CVE-2022-3882
MEDIUM
wp-memory < 2.46 - Authenticated Arbitrary Plugin Installation via CSRF
CVSS 6.5
CVE-2022-3881
MEDIUM
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascri...
CVSS 5.7
CVE-2022-3880
MEDIUM
antihacker < 4.20 - Authenticated Plugin Installation via AJAX Action
CVSS 6.5
CVE-2022-3879
MEDIUM
Car Dealer WordPress Plugin < 3.05 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 6.5
CVE-2022-3853
MEDIUM
supra-csv-parser < 4.0.3 - Cross-Site Scripting
CVSS 5.4
CVE-2022-45980
HIGH
Tenda AX12 V22.03.01.21_CN - Cross-Site Request Forgery via SysToolRestoreSet
CVSS 8.8
CVE-2022-46688
MEDIUM
Jenkins Sonar Gerrit Plugin <377.v8f3808963dc5 - CSRF
CVSS 6.5
CVE-2022-41296
MEDIUM
IBM Db2U 3.5, 4.0, and 4.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-45228
LOW
Dragino Lora LG01 18ed40 IoT v4.3.4 - Cross-Site Request Forgery in Logout Page
CVSS 3.5
CVE-2022-4397
MEDIUM
zend-blog-2 - Cross-Site Request Forgery in Comment Handler
CVSS 4.3
CVE-2022-4349
MEDIUM
CTF-hacker pwn - Cross-Site Request Forgery in delete.html
CVSS 4.3
CVE-2022-41622
HIGH
F5 BIG-IP and BIG-IQ - Cross-Site Request Forgery via iControl SOAP
CVSS 8.8
CVE-2022-44849
HIGH
MetInfo v7.7 - Cross-Site Request Forgery in Administrator List
CVSS 8.8
CVE-2022-23475
HIGH
daloradius < 1.3 - Cross-Site Request Forgery and Cross-Site Scripting in mng-del.php
CVSS 8.8
CVE-2022-3926
MEDIUM
WP OAuth Server < 3.4.2 - Cross-Site Request Forgery via Secret Regeneration
CVSS 6.5
CVE-2022-45824
MEDIUM
Advanced Booking Calendar <= 1.7.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-43470
HIGH
+F FS040U <v2.3.4, +F FS020W <v4.0.0, +F FS030W <v3.3.5, +F FS040W ...
CVSS 7.3
CVE-2022-35730
MEDIUM
Oceanwp Sticky Header Plugin <1.0.8 - CSRF
CVSS 4.3
CVE-2022-4220
MEDIUM
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery via list_questions() Function
CVSS 5.4
CVE-2022-4219
MEDIUM
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 5.4
CVE-2022-4218
MEDIUM
Chained Quiz < 1.3.2.4 - Unauthenticated Cross-Site Request Forgery via list_quizzes() Function
CVSS 5.4
Details
Vulnerabilities
9,371
Exploit Likelihood
Medium