CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 120 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-57946 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery.This issue affects payOS: from n/a through <= 1.0.73. | ||
| CVE-2025-53451 | Med | 0.35 | 5.4 | 0.00 | Sep 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through <= 5.1.6.2. | ||
| CVE-2025-10188 | Med | 0.35 | 5.4 | 0.00 | Sep 17, 2025 | The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the bulk_remove() function. This makes it possible for unauthenticated… | ||
| CVE-2025-58818 | Med | 0.35 | 5.4 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/a through <= 3.2.1. | ||
| CVE-2025-58801 | Med | 0.35 | 5.4 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder responder allows Cross Site Request Forgery.This issue affects Responder: from n/a through <= 4.3.8. | ||
| CVE-2025-48362 | Med | 0.35 | 5.4 | 0.00 | Aug 28, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery.This issue affects Hesabfa Accounting: from n/a through <= 2.2.5. | ||
| CVE-2025-48357 | Med | 0.35 | 5.4 | 0.00 | Aug 28, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit century-toolkit allows Cross Site Request Forgery.This issue affects Century ToolKit: from n/a through <= 1.2.1. | ||
| CVE-2025-43745 | Med | 0.35 | 6.5 | 0.00 | Aug 19, 2025 | A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through… | ||
| CVE-2025-53219 | Med | 0.35 | 5.4 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools wp-database-optimizer-tools allows Cross Site Request Forgery.This issue affects WP-Database-Optimizer-Tools: from n/a through <= 0.2. | ||
| CVE-2025-54682 | Med | 0.35 | 5.4 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4. | ||
| CVE-2025-54674 | Med | 0.35 | 5.4 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through <= 1.4.4. | ||
| CVE-2025-54038 | Med | 0.35 | 5.4 | 0.00 | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Cross Site Request Forgery.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.6. | ||
| CVE-2025-54020 | Med | 0.35 | 5.4 | 0.00 | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through <= 0.6.3. | ||
| CVE-2025-53265 | Med | 0.35 | 5.4 | 0.00 | Jun 27, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Virusdie Virusdie virusdie allows Cross Site Request Forgery.This issue affects Virusdie: from n/a through <= 1.1.3. | ||
| CVE-2025-53263 | Med | 0.35 | 5.4 | 0.00 | Jun 27, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms gf-google-address-autocomplete allows Cross Site Request Forgery.This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through <= 1.3.4. | ||
| CVE-2025-53262 | Med | 0.35 | 5.4 | 0.00 | Jun 27, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic writesonic allows Cross Site Request Forgery.This issue affects Writesonic: from n/a through <= 1.0.5. | ||
| CVE-2025-49239 | Med | 0.35 | 5.4 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Cross Site Request Forgery.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.5.0. | ||
| CVE-2025-30986 | Med | 0.35 | 5.4 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Cross Site Request Forgery.This issue affects Elite Video Player: from n/a through <= 10.0.5. | ||
| CVE-2025-30968 | Med | 0.35 | 5.4 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List advanced-post-list allows Cross Site Request Forgery.This issue affects Advanced Post List: from n/a through <= 0.5.6.2. | ||
| CVE-2025-30632 | Med | 0.35 | 5.4 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator global-translator allows Cross Site Request Forgery.This issue affects Global Translator: from n/a through <= 2.0.2. |
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery.This issue affects payOS: from n/a through <= 1.0.73.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through <= 5.1.6.2.
- risk 0.35cvss 5.4epss 0.00
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the bulk_remove() function. This makes it possible for unauthenticated…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/a through <= 3.2.1.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder responder allows Cross Site Request Forgery.This issue affects Responder: from n/a through <= 4.3.8.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery.This issue affects Hesabfa Accounting: from n/a through <= 2.2.5.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit century-toolkit allows Cross Site Request Forgery.This issue affects Century ToolKit: from n/a through <= 1.2.1.
- risk 0.35cvss 6.5epss 0.00
A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools wp-database-optimizer-tools allows Cross Site Request Forgery.This issue affects WP-Database-Optimizer-Tools: from n/a through <= 0.2.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through <= 1.4.4.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Cross Site Request Forgery.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.6.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through <= 0.6.3.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Virusdie Virusdie virusdie allows Cross Site Request Forgery.This issue affects Virusdie: from n/a through <= 1.1.3.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms gf-google-address-autocomplete allows Cross Site Request Forgery.This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through <= 1.3.4.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic writesonic allows Cross Site Request Forgery.This issue affects Writesonic: from n/a through <= 1.0.5.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Cross Site Request Forgery.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.5.0.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Cross Site Request Forgery.This issue affects Elite Video Player: from n/a through <= 10.0.5.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List advanced-post-list allows Cross Site Request Forgery.This issue affects Advanced Post List: from n/a through <= 0.5.6.2.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator global-translator allows Cross Site Request Forgery.This issue affects Global Translator: from n/a through <= 2.0.2.