CWE-352
Cross-Site Request Forgery (CSRF)
Medium likelihood
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,371 vulnerabilities with CWE-352
CVE-2022-27860
MEDIUM
Footer Text WordPress Plugin <= 2.0.3 - Cross-Site Request Forgery Leading to Cross-Site Scripting
CVSS 6.1
CVE-2022-24879
HIGH
Shopware 5.2.0-5.7.8 - Cross-Site Request Forgery Token Validation Bypass
CVSS 7.5
CVE-2022-27375
MEDIUM
Tenda AX12 V22.03.01.21_CN - Cross-Site Request Forgery via WifiExtraSet Function
CVSS 6.5
CVE-2022-27374
MEDIUM
Tenda AX12 V22.03.01.21_CN - Cross-Site Request Forgery via SysToolReboot Function
CVSS 6.5
CVE-2022-1092
MEDIUM
myCred < 2.4.4 - Authenticated Missing Authorization in mycred-tools-import-export AJAX Action
CVSS 4.3
CVE-2022-0634
MEDIUM
ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Missing Authorization in ta_insert_external_image Action
CVSS 4.3
CVE-2022-0398
MEDIUM
ThirstyAffiliates Affiliate Link Manager < 3.10.5 - CSRF
CVSS 5.4
CVE-2022-0363
MEDIUM
myCred WordPress plugin < 2.4.3.1 - CSRF
CVSS 4.3
CVE-2022-27340
HIGH
MCMS v5.2.7 - Cross-Site Request Forgery via /role/saveOrUpdateRole.do
CVSS 8.8
CVE-2022-20787
MEDIUM
Cisco Unified Communications Manager 12.5(1)-12.5(1)su6 - Authenticated Cross-Site Request Forgery
CVSS 5.7
CVE-2022-27629
HIGH
MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership < 1.9.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-28108
HIGH
Selenium Grid < 4.0.0 - Cross-Site Request Forgery via Non-JSON Content Types
CVSS 8.8
CVE-2022-1112
MEDIUM
Autolinks < 1.0.1 - Stored Cross-Site Scripting via CSRF Attack
CVSS 5.4
CVE-2022-1020
CRITICAL
Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call via wpt_admin_update_notice_option AJAX Action
CVSS 9.8
CVE-2022-0707
MEDIUM
Easy Digital Downloads < 2.11.6 - CSRF
CVSS 4.3
CVE-2022-23976
HIGH
Access Demo Importer <= 1.0.7 - Cross-Site Request Forgery Leading to Data Reset
CVSS 8.1
CVE-2022-23975
MEDIUM
WordPress Access Demo Importer <= 1.0.7 - CSRF
CVSS 6.5
CVE-2022-27851
MEDIUM
Use Any Font WordPress Plugin <= 6.1.7 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-27850
MEDIUM
Simple Ajax Chat (WordPress plugin) <= 20220115 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-28109
HIGH
Selenium Grid < 4.0.0 - Remote Code Execution via DNS Rebinding
CVSS 8.8
CVE-2022-20735
MEDIUM
Cisco SD-WAN vManage Software - CSRF
CVSS 6.5
CVE-2022-27847
MEDIUM
Yooslider Yoo Slider <= 2.0.0 - Cross-Site Request Forgery via Template Import
CVSS 4.3
CVE-2022-27846
MEDIUM
Yooslider Yoo Slider <= 2.0.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-22959
MEDIUM
VMware Workspace ONE Access, Identity Manager & vRealize Automation - CSRF via JDBC URI
CVSS 4.3
CVE-2022-26589
MEDIUM
Pluck CMS 4.7.15 - Cross-Site Request Forgery via Page Deletion
CVSS 6.5
Details
Vulnerabilities: 9,371
Exploit Likelihood: Medium