Vulnerabilities (CVE)

Filtered by CWE-352
Total 3631 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1828 2022-06-21 N/A N/A
The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1831 2022-06-21 N/A N/A
The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1826 2022-06-21 N/A N/A
The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2022-1895 2022-06-21 N/A N/A
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2022-1827 2022-06-21 N/A N/A
The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1830 2022-06-21 N/A N/A
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
CVE-2022-1818 2022-06-21 N/A N/A
The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
CVE-2022-1605 1 Email Users Project 1 Email Users 2022-06-17 4.3 MEDIUM 6.5 MEDIUM
The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users
CVE-2022-1612 1 Webriti 1 Webriti Smtp Mail 2022-06-17 4.3 MEDIUM 6.5 MEDIUM
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1624 1 Latest Tweets Widget Project 1 Latest Tweets Widget 2022-06-17 4.3 MEDIUM 6.5 MEDIUM
The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1608 1 Byonepress 1 Social Locker 2022-06-17 4.3 MEDIUM 6.5 MEDIUM
The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1694 1 Useful Banner Manager Project 1 Useful Banner Manager 2022-06-17 4.3 MEDIUM 6.5 MEDIUM
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form.
CVE-2017-20020 1 Solar-log 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more 2022-06-17 6.8 MEDIUM 8.8 HIGH
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20045 1 Navetti 1 Pricepoint 2022-06-17 6.8 MEDIUM 8.8 HIGH
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2021-44117 1 Thedaylightstudio 1 Fuel Cms 2022-06-17 6.8 MEDIUM 8.8 HIGH
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
CVE-2022-22479 2 Ibm, Linux 2 Spectrum Copy Data Management, Linux Kernel 2022-06-17 6.8 MEDIUM 8.8 HIGH
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887.
CVE-2022-30898 1 Chshcms 1 Cscms 2022-06-17 4.3 MEDIUM 6.5 MEDIUM
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.
CVE-2022-1712 1 Livesync Project 1 Livesync 2022-06-15 4.3 MEDIUM 4.3 MEDIUM
The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1695 1 Tipsandtricks-hq 1 Wp Simple Adsense Insertion 2022-06-15 4.3 MEDIUM 4.3 MEDIUM
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
CVE-2022-1709 1 Gti 1 Throws Spam Away 2022-06-15 4.3 MEDIUM 4.3 MEDIUM
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack