Vulnerabilities (CVE)

Filtered by CWE-352
Total 4240 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3098 1 Gunkastudios 1 Login Block Ips 2022-09-26 N/A 4.3 MEDIUM
The Login Block IPs WordPress plugin through 1.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVE-2022-38085 1 Read More By Adam Project 1 Read More By Adam 2022-09-26 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.
CVE-2022-40132 1 Castos 1 Seriously Simple Podcasting 2022-09-26 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.
CVE-2022-40671 1 Blazzdev 1 Rate My Post - Wp Rating System 2022-09-26 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress.
CVE-2022-38095 1 Algolplus 1 Advanced Dynamic Pricing For Woocommerce 2022-09-26 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.
CVE-2022-38470 1 Cusrev 1 Customer Reviews For Woocommerce 2022-09-26 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
CVE-2022-36417 1 3d Tag Cloud Project 1 3d Tag Cloud 2022-09-26 N/A 6.1 MEDIUM
Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.
CVE-2022-38079 1 Backup Scheduler Project 1 Backup Scheduler 2022-09-26 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Backup Scheduler plugin <= 1.5.13 at WordPress.
CVE-2022-38704 1 Clogica 1 Seo Redirection 2022-09-26 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
CVE-2022-38454 1 Kraken 1 Kraken.io Image Optimizer 2022-09-26 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress.
CVE-2022-3274 1 Ikus-soft 1 Rdiffweb 2022-09-26 N/A 3.5 LOW
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.7.
CVE-2022-36388 1 Ydesignservices 1 Yds Support Ticket System 2022-09-23 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress.
CVE-2022-36798 1 Topdigitaltrends 1 Mega Addons For Wpbakery Page Builder 2022-09-23 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.
CVE-2022-3233 1 Ikus-soft 1 Rdiffweb 2022-09-22 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.
CVE-2022-3267 1 Ikus-soft 1 Rdiffweb 2022-09-22 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.
CVE-2022-40219 1 Sedlex 1 Favicon-switcher 2022-09-22 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.
CVE-2022-41253 1 Jenkins 1 Cons3rt 2022-09-22 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-41249 1 Jenkins 1 Scm Httpclient 2022-09-22 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-41236 1 Jenkins 1 Security Inspector 2022-09-22 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options.
CVE-2022-41245 1 Jenkins 1 Worksoft Execution Manager 2022-09-22 N/A 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.