CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-36076 HIGH
NodeBB Forum Software - Info Disclosure
CVSS 8.8
CVE-2022-36796 MEDIUM
CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery Leading to Stored Cross-Site Scripting
CVSS 6.1
CVE-2022-36373 MEDIUM
Simon Ward MP3 jPlayer <2.7.3 - CSRF
CVSS 5.4
CVE-2022-3017 MEDIUM
froxlor < 0.10.38 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-36546 HIGH
Edoc-doctor-appointment-system v1.0.1 - CSRF
CVSS 8.8
CVE-2022-31773 HIGH
IBM DataPower Gateway 10.0.1-10.5.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-36358 MEDIUM
SEO Scout <= 0.9.83 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-36389 MEDIUM
WordPlus Better Messages <1.9.9.148 - CSRF
CVSS 4.3
CVE-2022-36379 HIGH
YooMoney UKassa WooCommerce <=2.3.0 - CSRF
CVSS 8.8
CVE-2022-36292 MEDIUM
WPChill Gallery PhotoBlocks <1.2.6 - CSRF
CVSS 5.4
CVE-2022-36288 MEDIUM
W3 Eden Download Manager <3.2.48 - CSRF
CVSS 5.4
CVE-2022-29468 HIGH
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-36346 MEDIUM
Max Foundry MaxButtons <= 9.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-35656 MEDIUM
Pega Platform <8.7.3 - Privilege Escalation
CVSS 4.5
CVE-2022-34347 MEDIUM
W3 Eden Download Manager <= 3.2.48 - Cross-Site Request Forgery
CVSS 4.2
CVE-2022-2555 MEDIUM
Yotpo Reviews for WooCommerce <2.0.4 - CSRF
CVSS 6.5
CVE-2022-2389 MEDIUM
funnelkit_automations < 2.1.2 - Authenticated Missing Authorization via AJAX Action
CVSS 4.3
CVE-2022-2388 MEDIUM
WP Coder < 2.5.3 - Cross-Site Request Forgery via Code Deletion
CVSS 6.5
CVE-2022-2382 MEDIUM
WooCommerce Product Slider <2.5.7 - CSRF
CVSS 4.3
CVE-2022-2377 MEDIUM
Directorist < 7.3.0 - Authenticated Arbitrary Email Sending via AJAX Action
CVSS 4.3
CVE-2022-2375 MEDIUM
WP Sticky Button < 1.4.1 - Unauthenticated Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2022-2312 MEDIUM
Student Result or Employee Database WordPress <1.7.5 - CSRF
CVSS 5.4
CVE-2022-2276 MEDIUM
WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion via AJAX Action
CVSS 4.3
CVE-2022-2275 MEDIUM
WP Edit Menu < 1.5.0 - Cross-Site Request Forgery via AJAX Action
CVSS 4.3
CVE-2022-2172 MEDIUM
LinkWorth WordPress Plugin < 3.3.4 - Cross-Site Request Forgery
CVSS 4.3