Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 8867 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41634 1 Maxfoundry 1 Media Library Folders 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress.
CVE-2022-41633 1 Peepso 1 Peepso 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.
CVE-2022-41622 1 F5 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more 2024-11-21 N/A 8.8 HIGH
In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-41620 1 Seosamba 1 Seosamba 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions.
CVE-2022-41615 1 Agilelogix 1 Store Locator 2024-11-21 N/A 6.1 MEDIUM
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
CVE-2022-41608 1 Asgaros 1 Asgaros Forum 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.
CVE-2022-41297 1 Ibm 3 Db2 On Cloud Pak For Data, Db2 Warehouse On Cloud Pak For Data, Db2u 2024-11-21 N/A 4.3 MEDIUM
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.
CVE-2022-41263 1 Sap 1 Business Objects Business Intelligence Platform 2024-11-21 N/A 4.3 MEDIUM
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.
CVE-2022-41136 1 Getshortcodes 1 Shortcodes Ultimate 2024-11-21 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.
CVE-2022-41134 1 Optinly 1 Optinly 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions.
CVE-2022-40724 1 Pingidentity 1 Pingfederate 2024-11-21 N/A 6.4 MEDIUM
The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.
CVE-2022-40695 1 Clogica 1 Seo Redirection 2024-11-21 N/A 5.4 MEDIUM
Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirection Plugin plugin <= 8.9 on WordPress.
CVE-2022-40692 1 Sunshinephotocart 1 Sunshine Photo Cart 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.
CVE-2022-40687 1 Constantcontact 1 Creative Mail 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
CVE-2022-40686 1 Constantcontact 1 Creative Mail 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress.
CVE-2022-40671 1 Blazzdev 1 Rate My Post - Wp Rating System 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.
CVE-2022-40632 1 Gvectors 1 Wpforo Forum 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 on WordPress leading to topic deletion.
CVE-2022-40623 1 Wavlink 2 Wn531g3, Wn531g3 Firmware 2024-11-21 N/A 8.8 HIGH
The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.
CVE-2022-40219 1 Sedlex 1 Favicon-switcher 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.
CVE-2022-40198 1 Standalonetech 1 Terawallet 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change.