Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-41083

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-20 Sep, 2021 | 21:30
Updated At-04 Aug, 2024 | 02:59
Rejected At-
Credits

CSRF Vulnerability in dada-mail 11.15.1 and below

Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password - which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no known CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing, and by a third party. Users are advised to update to version 11.16.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:20 Sep, 2021 | 21:30
Updated At:04 Aug, 2024 | 02:59
Rejected At:
▼CVE Numbering Authority (CNA)
CSRF Vulnerability in dada-mail 11.15.1 and below

Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password - which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no known CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing, and by a third party. Users are advised to update to version 11.16.0.

Affected Products
Vendor
justingit
Product
dada-mail
Versions
Affected
  • < 11.16.0
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352: Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352: Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/justingit/dada-mail/security/advisories/GHSA-344m-p829-2r38
x_refsource_CONFIRM
https://github.com/justingit/dada-mail/commit/d4d3d86d08c816b4da75a5ef45abc12188772459
x_refsource_MISC
Hyperlink: https://github.com/justingit/dada-mail/security/advisories/GHSA-344m-p829-2r38
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/justingit/dada-mail/commit/d4d3d86d08c816b4da75a5ef45abc12188772459
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/justingit/dada-mail/security/advisories/GHSA-344m-p829-2r38
x_refsource_CONFIRM
x_transferred
https://github.com/justingit/dada-mail/commit/d4d3d86d08c816b4da75a5ef45abc12188772459
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/justingit/dada-mail/security/advisories/GHSA-344m-p829-2r38
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/justingit/dada-mail/commit/d4d3d86d08c816b4da75a5ef45abc12188772459
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:20 Sep, 2021 | 22:15
Updated At:01 Oct, 2021 | 17:19

Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password - which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no known CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing, and by a third party. Users are advised to update to version 11.16.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.18.0HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
dadamailproject
dadamailproject
>>dada_mail>>Versions before 11.16.0(exclusive)
cpe:2.3:a:dadamailproject:dada_mail:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarysecurity-advisories@github.com
CWE ID: CWE-352
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/justingit/dada-mail/commit/d4d3d86d08c816b4da75a5ef45abc12188772459security-advisories@github.com
Patch
Third Party Advisory
https://github.com/justingit/dada-mail/security/advisories/GHSA-344m-p829-2r38security-advisories@github.com
Third Party Advisory
Hyperlink: https://github.com/justingit/dada-mail/commit/d4d3d86d08c816b4da75a5ef45abc12188772459
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/justingit/dada-mail/security/advisories/GHSA-344m-p829-2r38
Source: security-advisories@github.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4196Records found
CVE-2024-22291
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 11.62%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 12:45
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Browser Theme Color Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3.

Action-Not Available
Vendor-marcomilesiMarco Milesi
Product-browser_theme_colorBrowser Theme Color
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1244
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.07% / 60.63%
||
7 Day CHG~0.00%
Published-05 Apr, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-activemqn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6468
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 46.06%
||
7 Day CHG~0.00%
Published-25 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-resource_data_management_data_managern/a
Product-data_managern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-6517
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.60% / 83.38%
||
7 Day CHG~0.00%
Published-18 Aug, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.

Action-Not Available
Vendor-phpliteadmin_projectn/a
Product-phpliteadminn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47611
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 18.57%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 09:06
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hover Image Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions.

Action-Not Available
Vendor-hover_image_projectJulian Weinert // cs&m
Product-hover_imageHover Image
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1611
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.02% / 58.85%
||
7 Day CHG~0.00%
Published-29 Apr, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.

Action-Not Available
Vendor-alegrocartn/a
Product-alegrocartn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1767
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.96% / 56.87%
||
7 Day CHG~0.00%
Published-24 Sep, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1648
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.61% / 44.60%
||
7 Day CHG~0.00%
Published-07 Jun, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.52% / 40.31%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).

Action-Not Available
Vendor-zikulan/a
Product-zikula_application_frameworkn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-3343
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.60% / 44.18%
||
7 Day CHG~0.00%
Published-09 Jun, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.

Action-Not Available
Vendor-bloxxn/a
Product-web_filteringn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4844
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.26%
||
7 Day CHG~0.00%
Published-29 Dec, 2022 | 00:00
Updated-09 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in usememos/memos

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

Action-Not Available
Vendor-Usememos
Product-memosusememos/memos
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1547
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.67% / 47.23%
||
7 Day CHG~0.00%
Published-21 May, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page via a q=admin/build/pages/nojs/enable/ value or (2) disable a page via a q=admin/build/pages/nojs/disable/ value.

Action-Not Available
Vendor-chaos_tool_suite_projectn/a
Product-ctoolsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-22290
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.22%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 11:56
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.

Action-Not Available
Vendor-custom_dashboard_widgets_projectAboZain,O7abeeb,UnitOne
Product-custom_dashboard_widgetsCustom Dashboard Widgets
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-3309
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 46.06%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_guardiumn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.03% / 59.42%
||
7 Day CHG~0.00%
Published-06 Jul, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aMahara
Product-maharan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-1610
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.60% / 44.05%
||
7 Day CHG~0.00%
Published-29 Apr, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with the route parameter set to "user/user/insert." NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-opencartn/a
Product-opencartn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-15731
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.59% / 43.72%
||
7 Day CHG~0.00%
Published-21 Oct, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.

Action-Not Available
Vendor-n/aThorsten Rinne (phpMyFAQ)
Product-phpmyfaqn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-0921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.57% / 42.79%
||
7 Day CHG~0.00%
Published-03 Mar, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_inoteslotus_dominon/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47609
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 15.61%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 08:56
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DNUI Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions.

Action-Not Available
Vendor-nicearmaNicearma
Product-dnui-delete-not-used-imageDNUI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-15808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.17% / 63.45%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.

Action-Not Available
Vendor-n/aThorsten Rinne (phpMyFAQ)
Product-phpmyfaqn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-0992
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-6.8||MEDIUM
EPSS-0.58% / 43.22%
||
7 Day CHG~0.00%
Published-09 Apr, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) delete image files, or (3) create blocks.

Action-Not Available
Vendor-pulsecmsn/a
Product-pulse_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46800
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.56%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:53
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LiteSpeed Cache Plugin <= 5.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.

Action-Not Available
Vendor-litespeedtechLiteSpeed Technologies
Product-litespeed_cacheLiteSpeed Cache
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47167
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.56%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 09:14
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions.

Action-Not Available
Vendor-crayon_syntax_highlighter_projectAram Kocharyan
Product-crayon_syntax_highlighterCrayon Syntax Highlighter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47135
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 17.22%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:06
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chronoforms Plugin <= 7.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions.

Action-Not Available
Vendor-chronoenginechronoengine.com
Product-chronoformsChronoforms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 18.89%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 09:09
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Void Contact Form 7 Widget For Elementor Page Builder Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions.

Action-Not Available
Vendor-voidcodersvoidCoders
Product-void_contact_form_7_widget_for_elementor_page_builderVoid Contact Form 7 Widget For Elementor Page Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47178
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 18.57%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 11:49
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Share Buttons Adder Plugin <= 8.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions.

Action-Not Available
Vendor-simplesharebuttonsSimple Share Buttons
Product-simple_share_buttons_adderSimple Share Buttons Adder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46841
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 10.83%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 10:10
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Oxygen Builder Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.

Action-Not Available
Vendor-Soflyy
Product-oxygenOxygen Builder
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46866
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 16.71%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:32
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import External Images Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <= 1.4 versions.

Action-Not Available
Vendor-import_external_images_projectMarty Thornley
Product-import_external_imagesImport External Images
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47152
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 16.43%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 15:52
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress clickfunnels Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <= 3.1.1 versions.

Action-Not Available
Vendor-clickfunnelsEtison, LLC
Product-clickfunnelsClickFunnels
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46812
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 16.70%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:48
Updated-15 Jan, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.

Action-Not Available
Vendor-VillaTheme
Product-woocommerce_thank_you_page_customizerThank You Page Customizer for WooCommerce – Increase Your Sales
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47154
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 17.22%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 07:11
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions.

Action-Not Available
Vendor-piwebsolutionPi Websolution
Product-css_js_manager\,_async_javascript\,_defer_render_blocking_css_supports_woocommerceCSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-15729
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.59% / 43.72%
||
7 Day CHG~0.00%
Published-21 Oct, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.

Action-Not Available
Vendor-n/aThorsten Rinne (phpMyFAQ)
Product-phpmyfaqn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.55%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 16:21
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Conditional Shipping for WooCommerce Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.

Action-Not Available
Vendor-wptrioLauri Karisola / WP Trio
Product-conditional_shipping_for_woocommerceConditional Shipping for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47162
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 19.23%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 06:53
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions.

Action-Not Available
Vendor-dh_-_anti_adblocker_projectDannie Herdyawan
Product-dh_-_anti_adblockerDH – Anti AdBlocker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.07% / 60.47%
||
7 Day CHG~0.00%
Published-25 Jun, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

Action-Not Available
Vendor-accscriptsn/a
Product-acc_php_emailn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-0638
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.57% / 42.77%
||
7 Day CHG~0.00%
Published-15 Feb, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-k5nn/a
Product-webcalendarn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-7812
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.23% / 14.08%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 01:46
Updated-08 Apr, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Video Share VOD – Turnkey Video Site Builder Script <= 2.7.6 - Cross-Site Request Forgery to Command Injection

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport() function. This makes it possible for unauthenticated attackers to update settings and execute remote code when the Server command execution setting is enabled via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-videowhisper
Product-Video Share VOD – Turnkey Video Site Builder Script
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46367
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.8||MEDIUM
EPSS-0.26% / 17.54%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation

Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation.

Action-Not Available
Vendor-maxumRumpus
Product-rumpusFTP server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-0709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.23% / 65.01%
||
7 Day CHG~0.00%
Published-25 Feb, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.

Action-Not Available
Vendor-limnyn/a
Product-limnyn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 16.43%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:10
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions.

Action-Not Available
Vendor-wp_basic_elements_projectDamir Calusic
Product-wp_basic_elementsWP Basic Elements
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47177
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.49%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 09:51
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions.

Action-Not Available
Vendor-wpeasypayWP Easy Pay
Product-wp_easypayWP EasyPay – Square for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46793
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 15.91%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 12:44
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Feed PRO for WooCommerce Plugin <= 12.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.

Action-Not Available
Vendor-AdTribes
Product-product_feed_pro_for_woocommerceProduct Feed PRO for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46368
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.8||MEDIUM
EPSS-0.26% / 17.54%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rumpus - FTP server Cross-site request forgery (CSRF) – Create user

Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.

Action-Not Available
Vendor-maxumRumpus
Product-rumpusFTP server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47142
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 18.56%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 08:52
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.

Action-Not Available
Vendor-mediamaticPlugincraft
Product-media_library_foldersMediamatic – Media Library Folders
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47164
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 20.80%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:27
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions.

Action-Not Available
Vendor-MagePeople
Product-event_manager_and_tickets_selling_plugin_for_woocommerceEvent Manager and Tickets Selling Plugin for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47183
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.55%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 09:11
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.

Action-Not Available
Vendor-stylist_projectStylistWP
Product-stylistExtra Block Design, Style, CSS for ANY Gutenberg Blocks
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47172
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 11.62%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 14:36
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-woolentor_-_woocommerce_elementor_addons_\+_builderShopLentor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.56%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 11:04
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Joli Table Of Contents Plugin <= 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table Of Contents plugin <= 1.3.9 versions.

Action-Not Available
Vendor-wpjoliWPJoli
Product-joli_table_of_contentsJoli Table Of Contents
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4621
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.33% / 24.87%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 16:36
Updated-07 Nov, 2023 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Panasonic Sanyo CCTV Network Camera

Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

Action-Not Available
Vendor-panasonicPanasonic
Product-vcc-hd3100pvcc-hd2100p_firmwarevcc-hd5600pvcc-hd3300pvcc-hd2100pvcc-hd3100p_firmwarevcc-hd3300_firmwarevcc-hd3300vcc-hd5600p_firmwarevcc-hd3300p_firmwareSanyo CCTV Network Camera
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46865
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 16.71%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:40
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Resize Media Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <= 1.1 versions.

Action-Not Available
Vendor-bulk_resize_media_projectMarty Thornley
Product-bulk_resize_mediaBulk Resize Media
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 83
  • 84
  • Next
Details not found