CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-45130 (MEDIUM, CVSS 6.5): Plesk Obsidian - Cross-Site Request Forgery via REST API
CVE-2022-43031 (HIGH, CVSS 8.8): dedecms v6.1.9 - Cross-Site Request Forgery
CVE-2022-43488 (MEDIUM, CVSS 5.4): Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - CSRF
CVE-2022-44741 (MEDIUM, CVSS 6.1): Testimonial Slider <= 1.3.1 - Cross-Site Request Forgery leading to Cross-Site Scripting
CVE-2022-43491 (MEDIUM, CVSS 5.4): WordPress Advanced Dynamic Pricing <4.1.5 - CSRF
CVE-2022-43481 (MEDIUM, CVSS 5.4): Advanced Coupons for WooCommerce Coupons plugin <= 4.5 - Cross-Site Request Forgery leading to notice dismissal
CVE-2022-41136 (MEDIUM, CVSS 6.1): Shortcodes Ultimate <=5.12.0 - CSRF/XSS
CVE-2022-40632 (MEDIUM, CVSS 5.4): wpForo Forum <= 2.0.5 - Cross-Site Request Forgery Leading to Topic Deletion
CVE-2022-40128 (MEDIUM, CVSS 4.3): Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery
CVE-2022-38137 (MEDIUM, CVSS 4.3): Analytify WordPress Plugin <= 4.2.2 - Cross-Site Request Forgery
CVE-2022-32587 (MEDIUM, CVSS 5.4): CodeAndMore WP Page Widget <= 3.9 - Cross-Site Request Forgery
CVE-2022-27855 (MEDIUM, CVSS 5.4): Analytics Cat <= 1.0.9 - Cross-Site Request Forgery in Plugin Settings
CVE-2022-30694 (MEDIUM, CVSS 6.5): SIMATIC S7-1500 Software Controller - Authenticated Cross-Site Request Forgery via Login Endpoint
CVE-2022-3537 (HIGH, CVSS 8.8): Role Based Pricing for WooCommerce < 1.6.2 - Authenticated Arbitrary File Upload
CVE-2022-3536 (HIGH, CVSS 8.8): WooCommerce WordPress <1.6.3 - Code Injection
CVE-2022-3489 (MEDIUM, CVSS 5.3): WP Hide < 0.0.2 - Unauthenticated Missing Authorization in Custom WPAdmin Slug Update
CVE-2022-3451 (MEDIUM, CVSS 4.3): Product Stock Manager < 1.0.5 - Missing Authorization in AJAX Actions
CVE-2022-2387 (MEDIUM, CVSS 4.3): Easy Digital Downloads < 3.0 - Cross-Site Request Forgery via Payment History Deletion
CVE-2022-38660 (HIGH, CVSS 8.3): HCL XPages - Cross-Site Request Forgery
CVE-2022-20961 (HIGH, CVSS 8.8): Cisco Identity Services Engine - Cross-Site Request Forgery
CVE-2022-44627 (MEDIUM, CVSS 5.4): David Cole Simple SEO WordPress Plugin <= 1.8.12 - Cross-Site Request Forgery
CVE-2022-40131 (MEDIUM, CVSS 5.4): a3rev Page View Count <= 2.5.5 - Cross-Site Request Forgery
CVE-2022-36404 (MEDIUM, CVSS 5.4): David Cole Simple SEO <= 1.8.12 - CSRF
CVE-2022-30608 (HIGH, CVSS 8.8): IBM InfoSphere Information Server 11.7 - Cross-Site Request Forgery
CVE-2022-25952 (MEDIUM, CVSS 4.3): Content Egg WordPress Plugin <= 5.4.0 - Cross-Site Request Forgery