Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-04-19 CVE-2021-4096 Cross-Site Request Forgery (CSRF) vulnerability in Radykal Fancy Product Designer
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5.
network
low complexity
radykal CWE-352
8.8
8.8
2022-04-19 CVE-2022-28108 Cross-Site Request Forgery (CSRF) vulnerability in Selenium Grid
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
network
low complexity
selenium CWE-352
8.8
8.8
2022-04-18 CVE-2022-0707 Cross-Site Request Forgery (CSRF) vulnerability in Sandhillsdev Easy Digital Downloads
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack
network
low complexity
sandhillsdev CWE-352
4.3
4.3
2022-04-15 CVE-2022-28109 Cross-Site Request Forgery (CSRF) vulnerability in Selenium Grid
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding.
network
low complexity
selenium CWE-352
8.8
8.8
2022-04-15 CVE-2022-20735 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
6.5
6.5
2022-04-13 CVE-2022-22959 Cross-Site Request Forgery (CSRF) vulnerability in VMWare products
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability.
network
low complexity
vmware CWE-352
4.3
4.3
2022-04-13 CVE-2022-27846 Cross-Site Request Forgery (CSRF) vulnerability in Yooslider YOO Slider
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider.
network
low complexity
yooslider CWE-352
4.3
4.3
2022-04-13 CVE-2022-27847 Cross-Site Request Forgery (CSRF) vulnerability in Yooslider YOO Slider
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates.
network
low complexity
yooslider CWE-352
4.3
4.3
2022-04-13 CVE-2022-26589 Cross-Site Request Forgery (CSRF) vulnerability in Pluck-Cms Pluck 4.7.15
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
network
low complexity
pluck-cms CWE-352
6.5
6.5
2022-04-12 CVE-2022-29048 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
network
low complexity
jenkins apple CWE-352
4.3
4.3