VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 120 of 286
  • CVE-2025-57946MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery.This issue affects payOS: from n/a through <= 1.0.73.

  • CVE-2025-53451MedSep 22, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links mihdan-no-external-links allows Cross Site Request Forgery.This issue affects Mihdan: No External Links: from n/a through <= 5.1.6.2.

  • CVE-2025-10188MedSep 17, 2025
    risk 0.35cvss 5.4epss 0.00

    The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the bulk_remove() function. This makes it possible for unauthenticated…

  • CVE-2025-58818MedSep 5, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/a through <= 3.2.1.

  • CVE-2025-58801MedSep 5, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder responder allows Cross Site Request Forgery.This issue affects Responder: from n/a through <= 4.3.8.

  • CVE-2025-48362MedAug 28, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery.This issue affects Hesabfa Accounting: from n/a through <= 2.2.5.

  • CVE-2025-48357MedAug 28, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit century-toolkit allows Cross Site Request Forgery.This issue affects Century ToolKit: from n/a through <= 1.2.1.

  • CVE-2025-43745MedAug 19, 2025
    risk 0.35cvss 6.5epss 0.00

    A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through…

  • CVE-2025-53219MedAug 14, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools wp-database-optimizer-tools allows Cross Site Request Forgery.This issue affects WP-Database-Optimizer-Tools: from n/a through <= 0.2.

  • CVE-2025-54682MedAug 14, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4.

  • CVE-2025-54674MedAug 14, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through <= 1.4.4.

  • CVE-2025-54038MedJul 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Cross Site Request Forgery.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.6.

  • CVE-2025-54020MedJul 16, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through <= 0.6.3.

  • CVE-2025-53265MedJun 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Virusdie Virusdie virusdie allows Cross Site Request Forgery.This issue affects Virusdie: from n/a through <= 1.1.3.

  • CVE-2025-53263MedJun 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms gf-google-address-autocomplete allows Cross Site Request Forgery.This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through <= 1.3.4.

  • CVE-2025-53262MedJun 27, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Writesonic Writesonic writesonic allows Cross Site Request Forgery.This issue affects Writesonic: from n/a through <= 1.0.5.

  • CVE-2025-49239MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Cross Site Request Forgery.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.5.0.

  • CVE-2025-30986MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player elite-video-player allows Cross Site Request Forgery.This issue affects Elite Video Player: from n/a through <= 10.0.5.

  • CVE-2025-30968MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List advanced-post-list allows Cross Site Request Forgery.This issue affects Advanced Post List: from n/a through <= 0.5.6.2.

  • CVE-2025-30632MedJun 6, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator global-translator allows Cross Site Request Forgery.This issue affects Global Translator: from n/a through <= 2.0.2.