CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify that a request was intentionally made by the user who sent it, so the request could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-30898 MEDIUM
Cscms music portal system <4.2 - CSRF
CVSS 6.5
CVE-2022-1712 MEDIUM
LiveSync for WordPress < 1.0 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-1709 MEDIUM
Throws SPAM Away < 3.3.1 - Cross-Site Request Forgery in Comment Deletion
CVSS 4.3
CVE-2022-1695 MEDIUM
WP Simple Adsense Insertion < 2.1 - Cross-Site Request Forgery via Admin Page Form Submission
CVSS 4.3
CVE-2022-1577 MEDIUM
Database Backup for WordPress < 2.5.2 - Cross-Site Request Forgery in Schedule Backup Settings
CVSS 5.4
CVE-2022-1570 MEDIUM
Files Download Delay < 1.0.7 - Authenticated Missing Authorization for Settings Reset
CVSS 6.5
CVE-2022-1424 MEDIUM
Ask me WordPress theme < 6.8.2 - Cross-Site Request Forgery via AJAX Actions
CVSS 6.5
CVE-2022-1422 MEDIUM
Discy < 5.2 - Cross-Site Request Forgery via discy_reset_options AJAX Action
CVSS 6.5
CVE-2022-1421 MEDIUM
Discy < 5.2 - Cross-Site Request Forgery via AJAX Actions
CVSS 4.3
CVE-2022-29735 HIGH
Delta Controls enteliTOUCH 3.40.3935 3.40.3706 3.33.4005 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-29647 HIGH
MCMS 5.2.7 - Cross-Site Request Forgery via Administrator Account Addition
CVSS 8.8
CVE-2022-31000 LOW
Solidus_backend <3.1.6-2.11.16 - CSRF
CVSS 2.3
CVE-2022-22361 MEDIUM
IBM Business Automation Workflow <21.0.4 - CSRF
CVSS 6.5
CVE-2022-1611 HIGH
Bulk Page Creator < 1.1.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-1589 HIGH
All in One Login < 1.1.0 - Unauthenticated Cross-Site Request Forgery
CVSS 7.5
CVE-2022-1203 MEDIUM
Content Mask < 1.8.4.1 - Authenticated Arbitrary Option Update via Missing Authorization
CVSS 4.3
CVE-2022-0642 MEDIUM
JivoChat Live Chat WordPress <1.3.5.4 - XSS
CVSS 5.4
CVE-2022-29002 HIGH
XXL-Job 2.3.0 - Cross-Site Request Forgery via User Add Endpoint
CVSS 8.8
CVE-2022-30014 HIGH
Simple Food Website 1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-29431 MEDIUM
KubiQ CPT base <= 5.8 - Cross-Site Request Forgery leading to CPT Base Deletion
CVSS 5.4
CVE-2022-29430 MEDIUM
KubiQ PNG to JPG WordPress Plugin <= 4.0 - Cross-Site Scripting via CSRF in jpg_quality Parameter
CVSS 4.7
CVE-2022-29427 MEDIUM
Disable Right Click For WP WordPress Plugin <= 1.1.6 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-28992 HIGH
Online Banquet Booking System v1.0 - CSRF
CVSS 8.8
CVE-2022-28921 MEDIUM
BlogEngine.Net 3.3.8.0 - Unauthenticated Cross-Site Request Forgery
CVSS 6.5
CVE-2022-22778 HIGH
TIBCO BusinessConnect Trading Community Management < 6.1.1 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8