CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-41615 MEDIUM
WordPress Store Locator <1.4.5 - XSS
CVSS 6.1
CVE-2022-40695 MEDIUM
SEO Redirection Plugin <= 8.9 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-41805 MEDIUM
Booster for WooCommerce <= 5.6.6 - CSRF
CVSS 5.4
CVE-2022-40687 MEDIUM
Creative Mail by Constant Contact <= 1.5.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-40686 MEDIUM
Creative Mail by Constant Contact <= 1.5.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-38075 MEDIUM
Mantenimiento web plugin <= 0.13 - CSRF/XSS
CVSS 6.1
CVE-2022-40192 HIGH
wpForo Forum <= 2.0.9 - Cross-Site Request Forgery
CVSS 7.1
CVE-2022-45072 MEDIUM
WPML Multilingual CMS <= 4.5.13 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-45071 MEDIUM
WPML Multilingual CMS <= 4.5.13 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-42246 HIGH
duofox_cms 0.0.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-4021 HIGH
Permalink Manager Lite <2.2.20.1 - CSRF
CVSS 8.8
CVE-2022-4014 MEDIUM
FeehiCMS - Cross-Site Request Forgery in Post My Comment Tab
CVSS 4.3
CVE-2022-4013 MEDIUM
Hospital Management Center - Cross-Site Request Forgery in appointment.php
CVSS 4.3
CVE-2022-45398 MEDIUM
Jenkins Cluster Statistics Plugin < 0.4.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-45393 LOW
Jenkins Delete log Plugin < 1.0 - Cross-Site Request Forgery
CVSS 3.5
CVE-2022-3240 HIGH
WordPress Follow Me Plugin <3.1.1 - CSRF
CVSS 8.8
CVE-2022-35613 HIGH
Konker Platform 2.3.9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-44389 MEDIUM
EyouCMS V1.5.9-UTF8-SP1 - Cross-Site Request Forgery via Edit Admin Profile Module
CVSS 6.5
CVE-2022-44387 HIGH
EyouCMS V1.5.9-UTF8-SP1 - Cross-Site Request Forgery via Edit Member Basic Information
CVSS 8.8
CVE-2022-43323 HIGH
EyouCMS V1.5.9-UTF8-SP1 - Cross-Site Request Forgery via Top Up Balance Component
CVSS 8.8
CVE-2022-43693 HIGH
Concrete CMS < 8.5.10 - Cross-Site Request Forgery via OAuth State Parameter Omission
CVSS 8.8
CVE-2022-3632 MEDIUM
DigitialPixies OAuth Client < 1.1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-3538 MEDIUM
Webmaster Tools Verification <1.2 - CSRF
CVSS 6.5
CVE-2022-2449 MEDIUM
resmush.it Image Optimizer < 0.4.7 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-3978 MEDIUM
NodeBB < 2.5.8 - Cross-Site Request Forgery via /register/abort Endpoint
CVSS 4.3