Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-352
Total 7680 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45067 1 Devscred 1 Exclusive Addons For Elementor 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.
CVE-2022-44741 1 Slidervilla 1 Testimonial Slider 2024-11-21 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.
CVE-2022-44740 1 Constantcontact 1 Creative Mail 2024-11-21 N/A 5.4 MEDIUM
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress.
CVE-2022-44739 1 Thingsforrestaurants 1 Quick Restaurant Reservations 2024-11-21 N/A 5.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions.
CVE-2022-44737 1 Tipsandtricks-hq 1 All In One Wp Security \& Firewall 2024-11-21 N/A 5.4 MEDIUM
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress.
CVE-2022-44627 1 Coleds 1 Simple Seo 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps.
CVE-2022-44585 1 Magneticlab 1 Homepage Pop-up 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.
CVE-2022-43710 1 Gxsoftware 1 Xperiencentral 2024-11-21 N/A 8.8 HIGH
Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.
CVE-2022-43491 1 Algolplus 1 Advanced Dynamic Pricing For Woocommerce 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.
CVE-2022-43490 1 Xwp 1 Stream 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions.
CVE-2022-43488 1 Algolplus 1 Advanced Dynamic Pricing For Woocommerce 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.
CVE-2022-43481 1 Rymera 1 Advanced Coupons 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal.
CVE-2022-43469 1 Orchestrated 1 Corona Virus \(covid-19\) Banner \& Live Data 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions.
CVE-2022-43459 1 Captainform 1 Captainform 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions.
CVE-2022-42880 1 Auto Upload Images Project 1 Auto Upload Images 2024-11-21 N/A 6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS).
CVE-2022-42435 1 Ibm 1 Business Automation Workflow 2024-11-21 N/A 4.3 MEDIUM
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.
CVE-2022-41996 1 Theme-fusion 1 Avada 2024-11-21 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation.
CVE-2022-41990 1 Cardozatechnologies 1 Cardoza-3d-tag-cloud 2024-11-21 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.
CVE-2022-41987 1 Badgeos 1 Badgeos 2024-11-21 N/A 6.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes BadgeOS plugin <= 3.7.1.6 versions.
CVE-2022-41927 1 Xwiki 1 Xwiki 2024-11-21 N/A 7.4 HIGH
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ```