CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-29489 MEDIUM
Sucuri Security <= 1.8.33 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-3221 HIGH
rdiffweb < 2.4.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-40623 HIGH
WAVLINK Quantum D4G (WN531G3) M31G3.V5030.200325 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-38329 MEDIUM
Shopxian CMS 3.0.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-32555 HIGH
Unisys Data Exchange Management Studio < 6.0.IC2 and 7.x < 7.0.IC1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-38139 MEDIUM
RD Station WordPress Plugin <= 5.2.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-38144 HIGH
gVectors Team wpForo Forum <2.0.5 - CSRF
CVSS 8.8
CVE-2022-38093 MEDIUM
All in One SEO < 4.2.3.1 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-38059 MEDIUM
Alexey Trofimov's Access Code Feeder <=1.0.3 - CSRF
CVSS 5.5
CVE-2022-37411 MEDIUM
Captcha Code <= 2.7 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-37405 MEDIUM
Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-35277 MEDIUM
GetResponse for WordPress <= 5.5.20 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-36095 MEDIUM
XWiki Platform <13.10.5-14.3 - CSRF
CVSS 4.3
CVE-2022-37730 HIGH
ftcms 2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-33177 MEDIUM
WPdevelop/Oplugins Booking Calendar <9.2.1 - CSRF
CVSS 5.4
CVE-2022-2542 HIGH
Clickbank WordPress Plugin <3.9.1 - CSRF/XSS
CVSS 8.8
CVE-2022-2541 HIGH
Amazon WordPress Plugin <3.9.1 - XSS
CVSS 8.8
CVE-2022-2540 HIGH
Link Optimizer Lite <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting via Missing Nonce Validation
CVSS 8.8
CVE-2022-2518 HIGH
Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery via stockist_settings_main()
CVSS 8.8
CVE-2022-2432 HIGH
Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery via ecwid_update_plugin_params
CVSS 8.8
CVE-2022-2233 HIGH
Banner Cycler <= 1.4 - Cross-Site Request Forgery via pabc_admin_slides_postback
CVSS 8.8
CVE-2022-23680 HIGH
AOS-CX CSRF in 10.06.0000-10.06.0200, 10.08.xxxx<=10.08.1060, 10.09.xxxx<=10.09.1020, 10.10.xxxx<=10.10.0002
CVSS 8.8
CVE-2022-23679 HIGH
AOS-CX CSRF in 10.06.0000-10.06.0200, 10.08.xxxx<=10.08.1060, 10.09.xxxx<=10.09.1020, 10.10.xxxx<=10.10.0002
CVSS 8.8
CVE-2022-3121 MEDIUM
Online Employee Leave Management System 1.0 - Cross-Site Request Forgery in addemployee.php
CVSS 4.3
CVE-2022-2657 MEDIUM
Multivendor Marketplace Solution <3.8.12 - CSRF
CVSS 4.3