Weaknesses of type CWE-352

5,692 results
CVE-2022-45130MEDIUMPlesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific vEPSS 0.3%CVE-2022-29430MEDIUMWordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-8490HIGHPropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_detailsEPSS 0.3%CVE-2022-2276WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post DeletionEPSS 0.3%CVE-2023-2405MEDIUMCRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-2817MEDIUMTenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgeryEPSS 0.3%CVE-2020-14369This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actEPSS 0.3%CVE-2024-5428MEDIUMSourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgeryEPSS 0.3%CVE-2024-26352HIGHflusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.phpEPSS 0.3%CVE-2023-49965MEDIUMSpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page.EPSS 0.3%CVE-2022-36346MEDIUMWordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilitiesEPSS 0.3%CVE-2024-39680MEDIUMWordPress Cooked Plugin - Cross-Site Request Forgery to Default Recipe Template SaveEPSS 0.3%CVE-2024-11641HIGHVikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.3%CVE-2022-42246HIGHDoufox 0.0.4 contains a CSRF vulnerability that can add system administrator account.EPSS 0.3%CVE-2024-39681MEDIUMWordPress Cooked Plugin - Cross-Site Request Forgery to Apply Template to All RecipesEPSS 0.3%CVE-2023-27417MEDIUMWordPress Affiliate Super Assistent Plugin <= 1.5.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-28848MEDIUMCSRF protection on user_oidc login returned the expected token in case of an errorEPSS 0.3%CVE-2023-27418MEDIUMWordPress Side Menu Lite Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-0086MEDIUMJetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings UpdateEPSS 0.3%CVE-2022-4621HIGHPanasonic Sanyo CCTV Network CameraEPSS 0.3%