Vulnerabilities (CVE)

Filtered by CWE-352
Total 7850 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1895 1 Underconstruction Project 1 Underconstruction 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2022-1885 1 Cimy Header Image Rotator Project 1 Cimy Header Image Rotator 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1847 1 Rotating Posts Project 1 Rotating Posts 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1846 1 Tiny Contact Form Project 1 Tiny Contact Form 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1845 1 Wp Post Styling Project 1 Wp Post Styling 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks
CVE-2022-1844 1 Wp-sentry Project 1 Wp-sentry 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
CVE-2022-1843 1 Mailpress Project 1 Mailpress 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks
CVE-2022-1842 1 Openbook Book Data Project 1 Openbook Book Data 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
CVE-2022-1832 1 Capa Protect Project 1 Capa Protect 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection.
CVE-2022-1831 1 Wplite Project 1 Wplite 2024-11-21 3.5 LOW 6.5 MEDIUM
The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1830 1 Amazon Einzeltitellinks Project 1 Amazon Einzeltitellinks 2024-11-21 3.5 LOW 6.5 MEDIUM
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
CVE-2022-1829 1 Inline Google Maps Project 1 Inline Google Maps 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
CVE-2022-1828 1 Pdf24 Articles To Pdf Project 1 Pdf24 Articles To Pdf 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1827 1 Pdf24 Articles To Pdf Project 1 Pdf24 Articles To Pdf 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1826 1 Cross-linker Project 1 Cross-linker 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2022-1818 1 Multi-page Toolkit Project 1 Multi-page Toolkit 2024-11-21 3.5 LOW 5.4 MEDIUM
The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well
CVE-2022-1793 1 Private Files Project 1 Private Files 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public
CVE-2022-1792 1 Quick Subscribe Project 1 Quick Subscribe 2024-11-21 3.5 LOW 5.4 MEDIUM
The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping in some of them
CVE-2022-1791 1 One Click Plugin Updater Project 1 One Click Plugin Updater 2024-11-21 5.8 MEDIUM 8.1 HIGH
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.
CVE-2022-1790 1 New User Email Set Up Project 1 New User Email Set Up 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack