CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2022-1960
MEDIUM
MyCSS < 1.1 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1914
MEDIUM
Clean-Contact WP <1.6 - CSRF/Stored XSS
CVSS 4.3
CVE-2022-1913
MEDIUM
WordPress Add Post URL <2.1.0 - XSS
CVSS 4.3
CVE-2022-1885
MEDIUM
Cimy Header Image Rotator <6.1.1 - CSRF
CVSS 4.3
CVE-2022-1847
MEDIUM
Rotating Posts < 1.11 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1846
MEDIUM
Tiny Contact Form < 0.7 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1845
MEDIUM
WP Post Styling < 1.3.1 - Cross-Site Request Forgery in Various Actions
CVSS 4.3
CVE-2022-1844
MEDIUM
WP Sentry < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2022-1843
MEDIUM
MailPress < 7.2.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-1842
MEDIUM
OpenBook Book Data < 3.5.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 4.3
CVE-2022-1653
MEDIUM
Social Share Buttons by Supsystic < 2.2.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-1627
MEDIUM
My Private Site < 3.0.8 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1625
MEDIUM
New User Approve WordPress Plugin < 2.4 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1574
CRITICAL
HTML2WP WordPress Plugin < 1.0.0 - Unauthenticated Arbitrary File Upload via Import Function
CVSS 9.8
CVE-2022-1573
MEDIUM
HTML2WP WordPress Plugin < 1.0.0 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1572
HIGH
HTML2WP < 1.0.0 - Authenticated Arbitrary File Deletion via Unprotected AJAX Action
CVSS 8.1
CVE-2022-0875
MEDIUM
Google Authenticator < 1.0.5 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 4.3
CVE-2022-0444
MEDIUM
XCloner < 4.3.6 - Unauthenticated Settings Reset and Backup Encryption Key Generation
CVSS 4.3
CVE-2022-33121
HIGH
MiniCMS 1.11 - Cross-Site Request Forgery via Malicious Link
CVSS 8.1
CVE-2022-34211
MEDIUM
Jenkins vRealize Orchestrator Plugin <3.0 - CSRF
CVSS 6.5
CVE-2022-34209
MEDIUM
Jenkins ThreadFix Plugin <1.5.4 - CSRF
CVSS 6.5
CVE-2022-34207
MEDIUM
Jenkins Beaker builder Plugin <1.10 - CSRF
CVSS 6.5
CVE-2022-34205
MEDIUM
Jenkins Jianliao Notification Plugin <1.1 - CSRF
CVSS 6.5
CVE-2022-34203
HIGH
Jenkins EasyQA Plugin < 1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-34200
HIGH
Jenkins Convertigo Mobile Platform Plugin <1.1 - CSRF
CVSS 8.8