Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-2387

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-07 Nov, 2022 | 00:00
Updated At-05 May, 2025 | 20:26
Rejected At-
Credits

Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:07 Nov, 2022 | 00:00
Updated At:05 May, 2025 | 20:26
Rejected At:
▼CVE Numbering Authority (CNA)
Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

Affected Products
Vendor
Unknown
Product
Easy Digital Downloads – Simple eCommerce for Selling Digital Files
Versions
Affected
  • From 3.0 before 3.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Krzysztof Zając
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
N/A
Hyperlink: https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
x_transferred
Hyperlink: https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:07 Nov, 2022 | 10:15
Updated At:05 May, 2025 | 21:15

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Awesome Motive Inc.
awesomemotive
>>easy_digital_downloads>>Versions before 3.0(exclusive)
cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondarycontact@wpscan.com
CWE ID: CWE-352
Type: Secondary
Source: contact@wpscan.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8contact@wpscan.com
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2088Records found
CVE-2022-43488
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 26.94%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 15:44
Updated-20 Feb, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-23972
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 08:42
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA allows Cross Site Request Forgery. This issue affects Contact Form 7 reCAPTCHA: from n/a through 1.2.0.

Action-Not Available
Vendor-Brian S. Reed
Product-Contact Form 7 reCAPTCHA
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4426
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.24%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 22:13
Updated-09 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF

The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.

Action-Not Available
Vendor-wpswingsUnknown
Product-mautic_integration_for_woocommerceMautic Integration for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4349
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.94%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CTF-hacker pwn delete.html cross-site request forgery

A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.

Action-Not Available
Vendor-pwn_projectCTF-hacker
Product-pwnpwn
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53264
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ONet Regenerate Thumbnails plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Konrád Koller ONet Regenerate Thumbnails allows Cross Site Request Forgery. This issue affects ONet Regenerate Thumbnails: from n/a through 1.5.

Action-Not Available
Vendor-Konrád Koller
Product-ONet Regenerate Thumbnails
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20405
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.52%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 03:10
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerJira Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-41297
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.11%
||
7 Day CHG~0.00%
Published-01 Dec, 2022 | 17:30
Updated-24 Apr, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2U cross-site request forgery

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.

Action-Not Available
Vendor-IBM Corporation
Product-db2udb2_on_cloud_pak_for_datadb2_warehouse_on_cloud_pak_for_dataDb2U
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-22669
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.31%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 14:22
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Event Booking plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AwesomeTOGI Awesome Event Booking allows Cross Site Request Forgery.This issue affects Awesome Event Booking: from n/a through 2.7.5.

Action-Not Available
Vendor-AwesomeTOGI
Product-Awesome Event Booking
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4090
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-24 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
rickxy Stock Management System cross-site request forgery

A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214331.

Action-Not Available
Vendor-stock_management_system_projectrickxy
Product-stock_management_systemStock Management System
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.88%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 14:19
Updated-20 Feb, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.

Action-Not Available
Vendor-blazzdevBlaz K.
Product-rate_my_post_-_wp_rating_systemRate my Post – WP Rating System (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Cleanup plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup allows Cross Site Request Forgery. This issue affects Image Cleanup: from n/a through 1.9.2.

Action-Not Available
Vendor-opicron
Product-Image Cleanup
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40219
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 26.94%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 19:00
Updated-20 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.

Action-Not Available
Vendor-sedlexSedLex
Product-favicon-switcherFavIcon Switcher (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-3978
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.05%
||
7 Day CHG~0.00%
Published-13 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NodeBB abort cross-site request forgery

A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555.

Action-Not Available
Vendor-nodebbunspecified
Product-nodebbNodeBB
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24798
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.47%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 07:34
Updated-06 May, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Debug Plugin <= 1.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.This issue affects Debug: from n/a through 1.10.

Action-Not Available
Vendor-soninowSoniNow Team
Product-debugDebug
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24706
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.26%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 16:50
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-CFM Plugin <= 1.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8.

Action-Not Available
Vendor-forumoneForum One
Product-wp-cfmWP-CFM
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20415
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.05%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 02:50
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_software_data_centerjira_data_centerjiraJira Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2483
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-15 Mar, 2024 | 07:00
Updated-26 Aug, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability.

Action-Not Available
Vendor-Surya2Developersurya2developer
Product-Hostel Management Servicehostel_management_service
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40131
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 26.94%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:26
Updated-20 Feb, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

Action-Not Available
Vendor-a3reva3rev Software
Product-page_view_countPage View Count (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-40198
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.53%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 13:11
Updated-13 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change.

Action-Not Available
Vendor-standalonetechStandaloneTech
Product-terawalletTeraWallet – For WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4014
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.60%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FeehiCMS Post My Comment Tab cross-site request forgery

A vulnerability, which was classified as problematic, has been found in FeehiCMS. Affected by this issue is some unknown functionality of the component Post My Comment Tab. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The identifier of this vulnerability is VDB-213788.

Action-Not Available
Vendor-feehiunspecified
Product-feehicmsFeehiCMS
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4013
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.40%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hospital Management Center appointment.php cross-site request forgery

A vulnerability classified as problematic was found in Hospital Management Center. Affected by this vulnerability is an unknown functionality of the file appointment.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213787.

Action-Not Available
Vendor-hospital_management_center_projectunspecified
Product-hospital_management_centerHospital Management Center
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slickstream plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream allows Cross Site Request Forgery. This issue affects Slickstream: from n/a through 2.0.3.

Action-Not Available
Vendor-Slickstream
Product-Slickstream
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24884
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.53%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 08:46
Updated-24 Apr, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.This issue affects Contact Form 7 Connector: from n/a through 1.2.2.

Action-Not Available
Vendor-ARI Soft
Product-contact_form_7_connectorContact Form 7 Connector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-3850
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.94%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 13:47
Updated-25 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack

Action-Not Available
Vendor-find_and_replace_all_projectUnknown
Product-find_and_replace_allFind and Replace All
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38329
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.36%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 00:00
Updated-28 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific content through crafted requests, potentially leading to data loss and system integrity issues.

Action-Not Available
Vendor-shopxiann/a
Product-shopxian_cmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.17%
||
7 Day CHG~0.00%
Published-01 Mar, 2023 | 13:02
Updated-13 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.

Action-Not Available
Vendor-Imagely, LLC (Imagely)
Product-nextgen_galleryWordPress Gallery Plugin – NextGEN Gallery
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38077
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.34%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 12:19
Updated-10 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.

Action-Not Available
Vendor-essentialpluginWP OnlineSupport, Essential Plugin
Product-popup_anythingPopup Anything – A Marketing Popup and Lead Generation Conversions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2429
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.91%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 05:00
Updated-14 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Salon booking system <= 9.6.5 - Settings Update via CSRF

The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-salonbookingsystemUnknownsalonbookingsystem
Product-salon_booking_systemSalon booking systemsalon_booking_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24802
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.47%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 07:29
Updated-06 May, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JTRT Responsive Tables Plugin <= 4.1.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables.This issue affects JTRT Responsive Tables: from n/a through 4.1.9.

Action-Not Available
Vendor-jtrt_responsive_tables_projectJohn Tendik
Product-jtrt_responsive_tablesJTRT Responsive Tables
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38137
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 18:32
Updated-20 Feb, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-24935
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.47%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 08:34
Updated-07 Nov, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Basic Log Viewer Plugin <= 1.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer.This issue affects Basic Log Viewer: from n/a through 1.0.4.

Action-Not Available
Vendor-wpsimpletoolsWpSimpleTools
Product-basic_log_viewerBasic Log Viewer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-3894
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.63%
||
7 Day CHG~0.00%
Published-20 Mar, 2023 | 15:52
Updated-26 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.

Action-Not Available
Vendor-dash10Unknown
Product-oauth_serverWP OAuth Server (OAuth Authentication)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38095
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.88%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 13:41
Updated-20 Feb, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2354
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-10 Mar, 2024 | 11:00
Updated-21 Aug, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dreamer CMS toEdit cross-site request forgery

A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Dreamerdreamer_cms_project
Product-CMSdreamer_cms
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-38470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.87%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 15:08
Updated-20 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

Action-Not Available
Vendor-cusrevCusRev
Product-customer_reviews_for_woocommerceCustomer Reviews for WooCommerce (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-20411
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 05:30
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.

Action-Not Available
Vendor-Atlassian
Product-jira_serverjira_data_centerjiraJira Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-37405
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.47%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-20 Feb, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better Font Awesome plugin <= 2.0.1 at WordPress.

Action-Not Available
Vendor-better_font_awesome_projectMickey Kay
Product-better_font_awesomeBetter Font Awesome (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-53261
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 2.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP YouTube Live plugin <= 1.10.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live allows Cross Site Request Forgery. This issue affects WP YouTube Live: from n/a through 1.10.0.

Action-Not Available
Vendor-macbookandrew
Product-WP YouTube Live
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-36968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 21:58
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-ipswitch_ws_ftp_servern/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-3582
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.00%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Cold Storage Management System cross-site request forgery

A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211189 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_cold_storage_management_systemSimple Cold Storage Management System
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-36346
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.82%
||
7 Day CHG~0.00%
Published-22 Aug, 2022 | 14:50
Updated-20 Feb, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress.

Action-Not Available
Vendor-maxfoundryMax Foundry
Product-maxbuttonsMaxButtons (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-2277
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.47%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:00
Updated-12 Mar, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery

A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-bdtaskBdtaskbdtask
Product-g-prescription_gynaecology_\&_obs_consultationG-Prescription Gynaecology & OBS Consultation Softwareg-prescription_gynaecology_\&_obs_consultation_software
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-35730
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.94%
||
7 Day CHG~0.00%
Published-04 Dec, 2022 | 22:35
Updated-27 Jan, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Oceanwp sticky header plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.

Action-Not Available
Vendor-oceanwpOren Hahiashvili
Product-sticky_headerOceanwp sticky header
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-35638
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.18%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 04:00
Updated-21 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator cross-site request forgery

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230824.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_b2b_integratorSterling B2B Integrator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-36095
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.73%
||
7 Day CHG~0.00%
Published-08 Sep, 2022 | 20:20
Updated-23 Apr, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki Cross-Site Request Forgery (CSRF) for actions on tags

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-35611
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.19%
||
7 Day CHG~0.00%
Published-13 Oct, 2022 | 00:00
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.

Action-Not Available
Vendor-bevywisen/a
Product-mqttrouten/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-36345
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-28 May, 2023 | 19:05
Updated-01 Nov, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.

Action-Not Available
Vendor-Metagauss Inc.
Product-download_pluginDownload Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-3585
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.38%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Cold Storage Management System Contact Us cross-site request forgery

A vulnerability classified as problematic has been found in SourceCodester Simple Cold Storage Management System 1.0. Affected is an unknown function of the file /csms/?page=contact_us of the component Contact Us. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-211194 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_cold_storage_management_systemSimple Cold Storage Management System
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-19666
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.03%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 17:38
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.

Action-Not Available
Vendor-maxumn/a
Product-rumpus_ftpn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-36389
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.46%
||
7 Day CHG~0.00%
Published-23 Aug, 2022 | 15:48
Updated-20 Feb, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.

Action-Not Available
Vendor-wordplusWordPlus
Product-better_messagesBetter Messages (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 25
  • 26
  • 27
  • ...
  • 41
  • 42
  • Next
Details not found