CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2022-36076
HIGH
NodeBB Forum Software - Info Disclosure
CVSS 8.8
CVE-2022-36796
MEDIUM
CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery Leading to Stored Cross-Site Scripting
CVSS 6.1
CVE-2022-36373
MEDIUM
Simon Ward MP3 jPlayer <2.7.3 - CSRF
CVSS 5.4
CVE-2022-3017
MEDIUM
froxlor < 0.10.38 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-36546
HIGH
Edoc-doctor-appointment-system v1.0.1 - CSRF
CVSS 8.8
CVE-2022-31773
HIGH
IBM DataPower Gateway 10.0.1-10.5.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-36358
MEDIUM
SEO Scout <= 0.9.83 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-36389
MEDIUM
WordPlus Better Messages <1.9.9.148 - CSRF
CVSS 4.3
CVE-2022-36379
HIGH
YooMoney UKassa WooCommerce <=2.3.0 - CSRF
CVSS 8.8
CVE-2022-36292
MEDIUM
WPChill Gallery PhotoBlocks <1.2.6 - CSRF
CVSS 5.4
CVE-2022-36288
MEDIUM
W3 Eden Download Manager <3.2.48 - CSRF
CVSS 5.4
CVE-2022-29468
HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-36346
MEDIUM
Max Foundry MaxButtons <= 9.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-35656
MEDIUM
Pega Platform <8.7.3 - Privilege Escalation
CVSS 4.5
CVE-2022-34347
MEDIUM
W3 Eden Download Manager <= 3.2.48 - Cross-Site Request Forgery
CVSS 4.2
CVE-2022-2555
MEDIUM
Yotpo Reviews for WooCommerce <2.0.4 - CSRF
CVSS 6.5
CVE-2022-2389
MEDIUM
funnelkit_automations < 2.1.2 - Authenticated Missing Authorization via AJAX Action
CVSS 4.3
CVE-2022-2388
MEDIUM
WP Coder < 2.5.3 - Cross-Site Request Forgery via Code Deletion
CVSS 6.5
CVE-2022-2382
MEDIUM
WooCommerce Product Slider <2.5.7 - CSRF
CVSS 4.3
CVE-2022-2377
MEDIUM
Directorist < 7.3.0 - Authenticated Arbitrary Email Sending via AJAX Action
CVSS 4.3
CVE-2022-2375
MEDIUM
WP Sticky Button < 1.4.1 - Unauthenticated Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2022-2312
MEDIUM
Student Result or Employee Database WordPress <1.7.5 - CSRF
CVSS 5.4
CVE-2022-2276
MEDIUM
WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion via AJAX Action
CVSS 4.3
CVE-2022-2275
MEDIUM
WP Edit Menu < 1.5.0 - Cross-Site Request Forgery via AJAX Action
CVSS 4.3
CVE-2022-2172
MEDIUM
LinkWorth WordPress Plugin < 3.3.4 - Cross-Site Request Forgery
CVSS 4.3
Details
Vulnerabilities: 9,371
Exploit Likelihood: Medium