CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-1960 MEDIUM
MyCSS < 1.1 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1914 MEDIUM
Clean-Contact WP <1.6 - CSRF/Stored XSS
CVSS 4.3
CVE-2022-1913 MEDIUM
WordPress Add Post URL <2.1.0 - XSS
CVSS 4.3
CVE-2022-1885 MEDIUM
Cimy Header Image Rotator <6.1.1 - CSRF
CVSS 4.3
CVE-2022-1847 MEDIUM
Rotating Posts < 1.11 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1846 MEDIUM
Tiny Contact Form < 0.7 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1845 MEDIUM
WP Post Styling < 1.3.1 - Cross-Site Request Forgery in Various Actions
CVSS 4.3
CVE-2022-1844 MEDIUM
WP Sentry < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2022-1843 MEDIUM
MailPress < 7.2.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-1842 MEDIUM
OpenBook Book Data < 3.5.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 4.3
CVE-2022-1653 MEDIUM
Social Share Buttons by Supsystic < 2.2.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-1627 MEDIUM
My Private Site < 3.0.8 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1625 MEDIUM
New User Approve WordPress Plugin < 2.4 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1574 CRITICAL
HTML2WP WordPress Plugin < 1.0.0 - Unauthenticated Arbitrary File Upload via Import Function
CVSS 9.8
CVE-2022-1573 MEDIUM
HTML2WP WordPress Plugin < 1.0.0 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1572 HIGH
HTML2WP < 1.0.0 - Authenticated Arbitrary File Deletion via Unprotected AJAX Action
CVSS 8.1
CVE-2022-0875 MEDIUM
Google Authenticator < 1.0.5 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2022-0444 MEDIUM
XCloner < 4.3.6 - Unauthenticated Settings Reset and Backup Encryption Key Generation
CVSS 4.3
CVE-2022-33121 HIGH
MiniCMS 1.11 - Cross-Site Request Forgery via Malicious Link
CVSS 8.1
CVE-2022-34211 MEDIUM
Jenkins vRealize Orchestrator Plugin <3.0 - CSRF
CVSS 6.5
CVE-2022-34209 MEDIUM
Jenkins ThreadFix Plugin <1.5.4 - CSRF
CVSS 6.5
CVE-2022-34207 MEDIUM
Jenkins Beaker builder Plugin <1.10 - CSRF
CVSS 6.5
CVE-2022-34205 MEDIUM
Jenkins Jianliao Notification Plugin <1.1 - CSRF
CVSS 6.5
CVE-2022-34203 HIGH
Jenkins EasyQA Plugin < 1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-34200 HIGH
Jenkins Convertigo Mobile Platform Plugin <1.1 - CSRF
CVSS 8.8