CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could instead have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-32320 HIGH
Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-2146 MEDIUM
Import CSV Files < 1.0 - Reflected Cross-Site Scripting and Cross-Site Request Forgery
CVSS 6.1
CVE-2022-2144 MEDIUM
Jquery Validation For Contact Form 7 < 5.3 - CSRF
CVSS 4.3
CVE-2022-1672 HIGH
Insights from Google PageSpeed < 4.0.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-35228 HIGH
SAP BusinessObjects Business Intelligence Platform - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-2123 MEDIUM
WP Opt-in < 1.4.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-2091 MEDIUM
Cache Images < 3.2.1 - Cross-Site Request Forgery via Image Upload
CVSS 6.5
CVE-2022-1957 MEDIUM
Comment License < 1.4.0 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1956 MEDIUM
Shortcut Macros < 1.3 - Authenticated Cross-Site Request Forgery
CVSS 4.3
CVE-2022-1757 MEDIUM
pagebar < 2.70 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 5.4
CVE-2022-1732 MEDIUM
Rename wp-login < 2.6.0 - Cross-Site Request Forgery in Secret Login URL Update
CVSS 6.5
CVE-2022-1626 MEDIUM
Sharebar < 1.4.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2022-1599 MEDIUM
Admin Management Xtended < 2.4.5 - Cross-Site Request Forgery in AJAX Actions
CVSS 6.5
CVE-2022-1576 MEDIUM
WP Maintenance Mode & Coming Soon < 2.4.5 - Cross-Site Request Forgery via Subscribed Users List Deletion
CVSS 6.5
CVE-2022-2353 MEDIUM
microweber < 1.2.20 - Cross-Site Request Forgery via Token Theft
CVSS 6.1
CVE-2022-1967 MEDIUM
WP Championship WordPress < 9.3 - CSRF
CVSS 6.5
CVE-2022-34817 MEDIUM
Jenkins Failed Job Deactivator Plugin < 1.2.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-34815 MEDIUM
Jenkins Request Rename Or Delete Plugin < 1.1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-34812 MEDIUM
Jenkins XPath Configuration Viewer Plugin < 1.1.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-34797 MEDIUM
Jenkins Deployment Dashboard Plugin < 1.0.10 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-34792 HIGH
Jenkins Recipe Plugin < 1.2 - Cross-Site Request Forgery
CVSS 8.0
CVE-2022-34789 MEDIUM
Jenkins Matrix Reloaded Plugin < 1.1.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-34780 MEDIUM
Jenkins XebiaLabs XL Release Plugin < 22.0.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-31886 MEDIUM
Marval MSM v14.19.0.12476 - Cross-Site Request Forgery via 2FA Disable Form
CVSS 6.5
CVE-2022-34134 HIGH
Jorani v1.0 - Cross-Site Request Forgery via Users.php Controller
CVSS 8.8
Details
Vulnerabilities 9,371
Exploit Likelihood Medium