CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-27860 MEDIUM
Footer Text WordPress Plugin <= 2.0.3 - Cross-Site Request Forgery Leading to Cross-Site Scripting
CVSS 6.1
CVE-2022-24879 HIGH
Shopware 5.2.0-5.7.8 - Cross-Site Request Forgery Token Validation Bypass
CVSS 7.5
CVE-2022-27375 MEDIUM
Tenda AX12 V22.03.01.21_CN - Cross-Site Request Forgery via WifiExtraSet Function
CVSS 6.5
CVE-2022-27374 MEDIUM
Tenda AX12 V22.03.01.21_CN - Cross-Site Request Forgery via SysToolReboot Function
CVSS 6.5
CVE-2022-1092 MEDIUM
myCred < 2.4.4 - Authenticated Missing Authorization in mycred-tools-import-export AJAX Action
CVSS 4.3
CVE-2022-0634 MEDIUM
ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Missing Authorization in ta_insert_external_image Action
CVSS 4.3
CVE-2022-0398 MEDIUM
ThirstyAffiliates Affiliate Link Manager <3.10.5 - CSRF
CVSS 5.4
CVE-2022-0363 MEDIUM
myCred WordPress plugin <2.4.3.1 - CSRF
CVSS 4.3
CVE-2022-27340 HIGH
MCMS v5.2.7 - Cross-Site Request Forgery via /role/saveOrUpdateRole.do
CVSS 8.8
CVE-2022-20787 MEDIUM
Cisco Unified Communications Manager 12.5(1)-12.5(1)su6 - Authenticated Cross-Site Request Forgery
CVSS 5.7
CVE-2022-27629 HIGH
MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership < 1.9.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-28108 HIGH
Selenium Grid < 4.0.0 - Cross-Site Request Forgery via Non-JSON Content Types
CVSS 8.8
CVE-2022-1112 MEDIUM
Autolinks < 1.0.1 - Stored Cross-Site Scripting via CSRF Attack
CVSS 5.4
CVE-2022-1020 CRITICAL
Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call via wpt_admin_update_notice_option AJAX Action
CVSS 9.8
CVE-2022-0707 MEDIUM
Easy Digital Downloads <2.11.6 - CSRF
CVSS 4.3
CVE-2022-23976 HIGH
Access Demo Importer <= 1.0.7 - Cross-Site Request Forgery Leading to Data Reset
CVSS 8.1
CVE-2022-23975 MEDIUM
WordPress Access Demo Importer <= 1.0.7 - CSRF
CVSS 6.5
CVE-2022-27851 MEDIUM
Use Any Font WordPress Plugin <= 6.1.7 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-27850 MEDIUM
Simple Ajax Chat (WordPress plugin) <= 20220115 - Cross-Site Request Forgery
CVSS 5.4
CVE-2022-28109 HIGH
Selenium Grid < 4.0.0 - Remote Code Execution via DNS Rebinding
CVSS 8.8
CVE-2022-20735 MEDIUM
Cisco SD-WAN vManage Software - CSRF
CVSS 6.5
CVE-2022-27847 MEDIUM
Yooslider Yoo Slider <= 2.0.0 - Cross-Site Request Forgery via Template Import
CVSS 4.3
CVE-2022-27846 MEDIUM
Yooslider Yoo Slider <= 2.0.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-22959 MEDIUM
VMware Workspace ONE Access, Identity Manager & vRealize Automation - CSRF via JDBC URI
CVSS 4.3
CVE-2022-26589 MEDIUM
Pluck CMS 4.7.15 - Cross-Site Request Forgery via Page Deletion
CVSS 6.5
Details
Vulnerabilities 9,371
Exploit Likelihood Medium