Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-41622 Cross-Site Request Forgery (CSRF) vulnerability in F5 products
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.
network
low complexity
f5 CWE-352
8.8
2022-12-05 CVE-2022-3677 Cross-Site Request Forgery (CSRF) vulnerability in Addonspress Advanced Import
The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks
network
low complexity
addonspress CWE-352
6.5
2022-12-05 CVE-2022-3926 Cross-Site Request Forgery (CSRF) vulnerability in Wp-Oauth WP Oauth Server
The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client ID
network
low complexity
wp-oauth CWE-352
6.5
2022-12-05 CVE-2022-45824 Cross-Site Request Forgery (CSRF) vulnerability in Elbtide Advanced Booking Calendar
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
network
low complexity
elbtide CWE-352
6.5
2022-12-05 CVE-2022-43470 Cross-Site Request Forgery (CSRF) vulnerability in FSI products
Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.
low complexity
fsi CWE-352
7.3
2022-12-04 CVE-2022-35730 Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp Sticky Header
Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress.
network
low complexity
oceanwp CWE-352
6.5
2022-12-02 CVE-2022-4218 Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Chained Quiz
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4.
network
low complexity
kibokolabs CWE-352
4.3
2022-12-02 CVE-2022-4219 Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Chained Quiz
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4.
network
low complexity
kibokolabs CWE-352
4.3
2022-12-02 CVE-2022-4220 Cross-Site Request Forgery (CSRF) vulnerability in Kibokolabs Chained Quiz
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4.
network
low complexity
kibokolabs CWE-352
4.3
2022-12-02 CVE-2022-45667 Cross-Site Request Forgery (CSRF) vulnerability in Tenda I22 Firmware 1.0.0.3(4687)
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
network
low complexity
tenda CWE-352
6.5