CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-25608 MEDIUM
Yoo Slider < 2.0.0 - Cross-Site Request Forgery Leading to Slider Duplicate or Delete
CVSS 5.4
CVE-2022-23349 HIGH
BigAnt Server 5.6.06 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-0681 MEDIUM
Simple Membership < 4.1.0 - Cross-Site Request Forgery via Transaction Deletion
CVSS 6.5
CVE-2022-0616 MEDIUM
Amelia < 1.0.47 - Cross-Site Request Forgery via Customer Deletion
CVSS 4.3
CVE-2022-0515 MEDIUM
GitHub crater-invoice/crater <6.0.4 - CSRF
CVSS 4.3
CVE-2022-0229 HIGH
miniOrange's Google Authenticator WordPress <5.5 - CSRF
CVSS 8.1
CVE-2022-24235 HIGH
Snapt Aria 12.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-27226 HIGH
iRZ Mobile Router Firmware < 2022-03-16 - Cross-Site Request Forgery via Crontab API
CVSS 8.8
CVE-2022-27214 MEDIUM
Jenkins Release Helper Plugin < 1.3.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-27210 MEDIUM
Jenkins Kubernetes Continuous Deploy Plugin < 2.3.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-27204 HIGH
Jenkins Extended Choice Parameter < 346.vd87693c5a_86c - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-27198 HIGH
Jenkins CloudBees AWS Credentials Plugin < 189.v3551d5642995 - Cross-Site Request Forgery
CVSS 8.0
CVE-2022-22348 LOW
IBM Spectrum Protect Operations Center <8.1.13 - SSRF
CVSS 2.4
CVE-2022-22346 HIGH
IBM Spectrum Protect Operations Center <8.1.14 - CSRF
CVSS 8.8
CVE-2022-25600 MEDIUM
Weplugins WP Maps < 4.2.4 - CSRF
CVSS 5.4
CVE-2022-0445 MEDIUM
WordPress Real Cookie Banner <2.14.2 - CSRF
CVSS 6.5
CVE-2022-0439 HIGH
Email Subscribers & Newsletters <5.3.2 - SQL Injection
CVSS 8.8
CVE-2022-23052 MEDIUM
Petereport - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-24712 MEDIUM
CodeIgniter 4.0.0-4.1.8 - Cross-Site Request Forgery Protection Bypass
CVSS 6.3
CVE-2022-0345 MEDIUM
Customize WordPress Emails and Alerts <1.8.7 - CSRF
CVSS 4.3
CVE-2022-0328 MEDIUM
Simple Membership < 4.0.9 - Cross-Site Request Forgery via Bulk Member Deletion
CVSS 4.7
CVE-2022-24342 HIGH
JetBrains TeamCity <2021.2.1 - CSRF
CVSS 8.8
CVE-2022-24947 HIGH
Apache JSPWiki < 2.11.2 - Cross-Site Request Forgery in User Preferences Form
CVSS 8.8
CVE-2022-21179 MEDIUM
EC-CUBE Mail Magazine Management Plugin 1.0.0-1.0.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2022-25599 MEDIUM
Spiffy Calendar <= 4.9.0 - Cross-Site Request Forgery via Event Deletion
CVSS 5.4