VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 114 of 286
  • CVE-2024-11812MedDec 20, 2024
    risk 0.40cvss 6.1epss 0.00

    The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilot_Admin_Options() function. This makes it possible for unauthenticated…

  • CVE-2024-12555MedDec 14, 2024
    risk 0.40cvss 6.1epss 0.00

    The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged…

  • CVE-2024-12572MedDec 13, 2024
    risk 0.40cvss 6.1epss 0.00

    The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings…

  • CVE-2024-11417MedDec 12, 2024
    risk 0.40cvss 6.1epss 0.00

    The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djo_einstellungen_menue() function. This makes it possible for…

  • CVE-2024-12003MedDec 6, 2024
    risk 0.40cvss 6.1epss 0.00

    The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated…

  • CVE-2024-11336MedDec 6, 2024
    risk 0.40cvss 6.1epss 0.00

    The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers…

  • CVE-2024-11813MedDec 4, 2024
    risk 0.40cvss 6.1epss 0.00

    The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for…

  • CVE-2024-11342MedNov 26, 2024
    risk 0.40cvss 6.1epss 0.00

    The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update…

  • CVE-2024-9434MedOct 31, 2024
    risk 0.40cvss 6.1epss 0.00

    The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for…

  • CVE-2024-9592MedOct 12, 2024
    risk 0.40cvss 6.1epss 0.00

    The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible for unauthenticated…

  • CVE-2024-6405MedJun 29, 2024
    risk 0.40cvss 6.1epss 0.00

    The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for…

  • CVE-2024-0613MedMay 2, 2024
    risk 0.40cvss 6.1epss 0.00

    The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajax_delete_field() function. This makes it possible for unauthenticated attackers…

  • CVE-2022-45850MedMar 28, 2024
    risk 0.40cvss 6.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9.

  • CVE-2022-45847MedMar 27, 2024
    risk 0.40cvss 6.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS).This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1.

  • CVE-2024-29009MedMar 25, 2024
    risk 0.40cvss 6.1epss 0.00

    Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.

  • CVE-2024-22475MedMar 18, 2024
    risk 0.40cvss 6.1epss 0.00

    Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected…

  • CVE-2023-52555MedMar 1, 2024
    risk 0.40cvss 6.1epss 0.00

    In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.

  • CVE-2024-0590MedFeb 29, 2024
    risk 0.40cvss 6.1epss 0.01

    The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change…

  • CVE-2023-2438MedNov 22, 2023
    risk 0.40cvss 6.1epss 0.00

    The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the…

  • CVE-2023-2447MedNov 22, 2023
    risk 0.40cvss 6.1epss 0.00

    The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to…