Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-38759

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Aug, 2023 | 00:00
Updated At-10 Oct, 2024 | 19:00
Rejected At-
Credits

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Aug, 2023 | 00:00
Updated At:10 Oct, 2024 | 19:00
Rejected At:
▼CVE Numbering Authority (CNA)

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wger.de
N/A
https://github.com/0x72303074/CVE-Disclosures
N/A
Hyperlink: https://wger.de
Resource: N/A
Hyperlink: https://github.com/0x72303074/CVE-Disclosures
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wger.de
x_transferred
https://github.com/0x72303074/CVE-Disclosures
x_transferred
Hyperlink: https://wger.de
Resource:
x_transferred
Hyperlink: https://github.com/0x72303074/CVE-Disclosures
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Aug, 2023 | 16:15
Updated At:11 Aug, 2023 | 16:06

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
wger
wger
>>workout_manager>>2.2.0
cpe:2.3:a:wger:workout_manager:2.2.0:a3:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/0x72303074/CVE-Disclosurescve@mitre.org
Third Party Advisory
https://wger.decve@mitre.org
Product
Hyperlink: https://github.com/0x72303074/CVE-Disclosures
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wger.de
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

2356Records found
CVE-2017-20045
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.13% / 32.76%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 06:50
Updated-15 Apr, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Navetti PricePoint cross-site request forgery

A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-vendavoNavetti
Product-pricepointPricePoint
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-20062
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5||MEDIUM
EPSS-0.14% / 33.86%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 04:50
Updated-15 Apr, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elefant CMS cross-site request forgery

A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-elefantcmsElefant
Product-elefant_cmsCMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-5732
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.79%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 07:31
Updated-13 Nov, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Traffic Offense Reporting System cross-site request forgery

A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-traffic_offense_reporting_systemTraffic Offense Reporting System
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2017-18703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.87%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 14:08
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwared500wn3000rpwnr2020_firmwarewndr3700wnr2020r6220_firmwarepr2000r6080_firmwared7800jwnr2010r6100_firmwarewn3100rp_firmwarewndr4300_firmwared500_firmwared1500r7500_firmwarewnr1000_firmwarewn3100rpr6050pr2000_firmwared6100_firmwarer6220r6020wndr4500r6100r6020_firmwareex6100wn3000rp_firmwared7800_firmwared7000r9000_firmwarer6080d7000_firmwarewndr3700_firmwarewnr1000wndr4500_firmwarewnr2000_firmwareex6150r7500r9000r6050_firmwarer7800wnr2050ex6100_firmwared1500_firmwared6100jr6150_firmwarejr6150wnr2000wnr2050_firmwarewndr4300jnr1010r7800_firmwarejwnr2010_firmwareex6150_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5335
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-0.08% / 23.13%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18607
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.06%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 11:18
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The avada theme before 5.1.5 for WordPress has CSRF.

Action-Not Available
Vendor-n/aAvada (ThemeFusion)
Product-avadan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-18848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.87%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 15:24
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500_firmwarer8500r7300ac1450r7300_firmwareac1450_firmwarer6300r6300_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47183
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.67%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 09:11
Updated-09 Jan, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extra Block Design, Style, CSS for ANY Gutenberg Blocks Plugin <= 0.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.

Action-Not Available
Vendor-stylist_projectStylistWP
Product-stylistExtra Block Design, Style, CSS for ANY Gutenberg Blocks
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47161
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 09:04
Updated-08 Jan, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Health Check & Troubleshooting Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.

Action-Not Available
Vendor-The WordPress.org communityWordPress.org
Product-health_check_\&_troubleshootingHealth Check & Troubleshooting
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46816
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 15:45
Updated-08 Jan, 2025 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking Ultra Pro Plugin <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.4 versions.

Action-Not Available
Vendor-bookingultraproBooking Ultra Pro
Product-booking_ultra_pro_appointments_booking_calendarBooking Ultra Pro Appointments Booking Calendar Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47141
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.85%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 08:55
Updated-13 Jan, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Dynamic Keywords Injector Plugin <= 2.3.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic Keywords Injector plugin <= 2.3.15 versions.

Action-Not Available
Vendor-seeroxSeerox
Product-wp_dynamic_keywords_injectorWP Dynamic Keywords Injector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47134
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.40%
||
7 Day CHG~0.00%
Published-20 May, 2023 | 22:51
Updated-09 Jan, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery Metabox Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.

Action-Not Available
Vendor-gallery_metabox_projectBill Erickson
Product-gallery_metaboxGallery Metabox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47559
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.6||HIGH
EPSS-0.11% / 29.89%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 13:00
Updated-03 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery in Ormazabal products

Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.

Action-Not Available
Vendor-ormazabalOrmazabalormazabal
Product-ekorccp_firmwareekorrciekorrci_firmwareekorccpekorRCIekorCCPekorccp_firmwareekorrci_firmware
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47167
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.67%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 09:14
Updated-08 Jan, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions.

Action-Not Available
Vendor-crayon_syntax_highlighter_projectAram Kocharyan
Product-crayon_syntax_highlighterCrayon Syntax Highlighter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.76%
||
7 Day CHG~0.00%
Published-17 Mar, 2023 | 15:24
Updated-13 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Launchpad – Coming Soon & Maintenance Mode Plugin Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchpad – Coming Soon & Maintenance Mode plugin <= 1.0.13 versions.

Action-Not Available
Vendor-oboxObox Themes
Product-launchpad_-_coming_soon_\&_maintenance_mode_pluginLaunchpad – Coming Soon & Maintenance Mode Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46862
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.81%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 11:26
Updated-13 Jan, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.

Action-Not Available
Vendor-expresstechExpressTech
Product-quiz_and_survey_masterQuiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47143
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.36%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 08:58
Updated-13 Jan, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions.

Action-Not Available
Vendor-ThemeisleThemeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPG
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47139
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.68%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:10
Updated-08 Jan, 2025 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Basic Elements Plugin <= 5.2.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions.

Action-Not Available
Vendor-wp_basic_elements_projectDamir Calusic
Product-wp_basic_elementsWP Basic Elements
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47162
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.36%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 06:53
Updated-13 Jan, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions.

Action-Not Available
Vendor-dh_-_anti_adblocker_projectDannie Herdyawan
Product-dh_-_anti_adblockerDH – Anti AdBlocker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47144
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.17%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 11:42
Updated-08 Jan, 2025 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.

Action-Not Available
Vendor-frenifyPlugincraft
Product-mediamaticMediamatic – Media Library Folders
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47180
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.98%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 15:55
Updated-08 Jan, 2025 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kopa Framework Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions.

Action-Not Available
Vendor-kopathemeKopa Theme
Product-kopa_frameworkKopa Framework
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47147
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.85%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 08:30
Updated-13 Jan, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ipBlockList Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ipBlockList plugin <= 1.0 versions.

Action-Not Available
Vendor-kesz1Kesz1 Technologies
Product-ipblocklistipBlockList
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47181
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.72%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 17:23
Updated-19 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2.

Action-Not Available
Vendor-wpexpertswpexpertsio
Product-email_templates_customizer_and_designerEmail Templates Customizer and Designer for WordPress and WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.85%
||
7 Day CHG~0.00%
Published-15 Mar, 2023 | 10:35
Updated-13 Jan, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress My Calendar Plugin <= 3.3.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.

Action-Not Available
Vendor-my_calendar_projectJoseph C Dolson
Product-my_calendarMy Calendar
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47159
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:17
Updated-08 Jan, 2025 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Logaster Logo Generator Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <= 1.3 versions.

Action-Not Available
Vendor-logasterLogaster
Product-logo_generatorLogaster Logo Generator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47609
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.93%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 08:56
Updated-09 Jan, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DNUI Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions.

Action-Not Available
Vendor-nicearmaNicearma
Product-dnui-delete-not-used-imageDNUI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47446
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.68%
||
7 Day CHG~0.00%
Published-24 May, 2023 | 16:05
Updated-08 Jan, 2025 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Store Locator Plugin <= 3.98.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions.

Action-Not Available
Vendor-viadatViadat Creations
Product-store_locator_for_wordpress_with_google_mapsStore Locator for WordPress with Google Maps – LotsOfLocales
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46842
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.47%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 16:32
Updated-07 Nov, 2023 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Help Desk plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.

Action-Not Available
Vendor-wiselyhubJS Help Desk
Product-js_help_deskJS Help Desk
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-47422
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.50%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 08:47
Updated-13 Jan, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Stripe Donation and Payment Plugin Plugin <= 3.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions.

Action-Not Available
Vendor-hmpluginHM Plugin
Product-accept_stripe_donation_-_aidwpAccept Stripe Donation – AidWP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-57310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 00:00
Updated-31 Dec, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.

Action-Not Available
Vendor-salmenn/a
Product-simple_faucet_scriptn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45080
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.85%
||
7 Day CHG~0.00%
Published-23 Apr, 2023 | 11:13
Updated-09 Jan, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Add Multiple Marker Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multiple Marker plugin <= 1.2 versions.

Action-Not Available
Vendor-krishawebKrishaWeb
Product-add_multiple_markerAdd Multiple Marker
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45367
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 09:55
Updated-08 Jan, 2025 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions.

Action-Not Available
Vendor-tychesoftwaresTyche Softwares
Product-custom_order_numbers_for_woocommerceCustom Order Numbers for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-46368
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.74%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rumpus - FTP server Cross-site request forgery (CSRF) – Create user

Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users.

Action-Not Available
Vendor-maxumRumpus
Product-rumpusFTP server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 09:22
Updated-08 Jan, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions.

Action-Not Available
Vendor-xootixXootiX
Product-side_cart_woocommerceSide Cart Woocommerce (Ajax)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-55147
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-8.8||HIGH
EPSS-0.35% / 57.29%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 15:32
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to execute sensitive actions on behalf of the victim user. User interaction is required

Action-Not Available
Vendor-Ivanti Software
Product-connect_securepolicy_secureneurons_for_secure_accesszero_trust_access_gatewayPolicy SecureZTA GatewayNeurons for Secure AccessConnect Secure
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45068
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.03%
||
7 Day CHG+0.10%
Published-01 Mar, 2023 | 13:35
Updated-13 Jan, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1.

Action-Not Available
Vendor-mercadopagoMercado Pago
Product-mercado_pago_payments_for_woocommerceMercado Pago payments for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45073
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.33%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 21:42
Updated-20 Feb, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress.

Action-Not Available
Vendor-miniorangeminiOrange
Product-wordpress_rest_api_authenticationWordPress REST API Authentication (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-4621
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.29%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 16:36
Updated-07 Nov, 2023 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Panasonic Sanyo CCTV Network Camera

Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.

Action-Not Available
Vendor-panasonicPanasonic
Product-vcc-hd3100pvcc-hd2100p_firmwarevcc-hd5600pvcc-hd3300pvcc-hd2100pvcc-hd3100p_firmwarevcc-hd3300_firmwarevcc-hd3300vcc-hd5600p_firmwarevcc-hd3300p_firmwareSanyo CCTV Network Camera
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45823
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 07:50
Updated-11 Oct, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions.

Action-Not Available
Vendor-video_contest_wordpress_projectGalleryPlugins
Product-video_contest_wordpressVideo Contest WordPress Plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45372
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.18%
||
7 Day CHG~0.00%
Published-29 May, 2023 | 00:15
Updated-01 Nov, 2024 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Gallery Slider for WooCommerce Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.

Action-Not Available
Vendor-codeixerCodeixer
Product-product_gallery_slider_for_woocommerceProduct Gallery Slider for WooCommerce
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-16993
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.68%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 11:30
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.

Action-Not Available
Vendor-phpbbn/aDebian GNU/Linux
Product-phpbbdebian_linuxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45079
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 09:36
Updated-08 Jan, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.

Action-Not Available
Vendor-loginizerSoftaculous
Product-loginizerLoginizer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-45076
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 09:40
Updated-08 Jan, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flexible Elementor Panel Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions.

Action-Not Available
Vendor-webmatWebMat
Product-flexible_elementor_panelFlexible Elementor Panel
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5776
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-80.65% / 99.12%
||
7 Day CHG+0.92%
Published-01 Sep, 2020 | 20:34
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI.

Action-Not Available
Vendor-magmi_projectn/a
Product-magmiMAGMI
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-43459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.03%
||
7 Day CHG+0.10%
Published-28 Feb, 2023 | 13:29
Updated-13 Jan, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forms by CaptainForm Plugin <= 2.5.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions.

Action-Not Available
Vendor-captainformCaptainform
Product-captainformForms by CaptainForm – Form Builder for WordPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5576
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.45%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 01:00
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-sixapartSix Apart Ltd.
Product-movable_typeMovable Type
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5786
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.88%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 19:41
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

Action-Not Available
Vendor-teltonika-networksn/a
Product-trb245_firmwaretrb245Teltonika Gateway TRB245
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-56400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.69%
||
7 Day CHG~0.00%
Published-24 Nov, 2025 | 00:00
Updated-30 Dec, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa account to a victim's Tuya account. The applications fail to validate the OAuth state parameter during the account linking flow, enabling a cross-site request forgery (CSRF)-like attack. By tricking the victim into clicking a crafted authorization link, an attacker can complete the OAuth flow on the victim's behalf, resulting in unauthorized Alexa access to the victim's Tuya-connected devices. This affects users regardless of prior Alexa linkage and does not require the Tuya application to be active at the time. Successful exploitation may allow remote control of devices such as cameras, doorbells, door locks, or alarms.

Action-Not Available
Vendor-tuyan/a
Product-smartlifetuya_smarttuyan/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-384
Session Fixation
CVE-2020-5642
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.09%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 02:20
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-onwebchatonWebChat
Product-live_chat_-_live_supportLive Chat - Live support
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-5530
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.60%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 05:30
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-realestateconnectedMerv Barrett
Product-easy_property_listingsEasy Property Listings
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • ...
  • 19
  • 20
  • 21
  • ...
  • 47
  • 48
  • Next
Details not found