CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 124 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54418 | Med | 0.35 | 5.4 | 0.00 | Dec 16, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp. DTC Documents dtc-documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through <= 1.1.05. | ||
| CVE-2024-54356 | Med | 0.35 | 5.4 | 0.00 | Dec 16, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <=… | ||
| CVE-2023-23726 | Med | 0.35 | 5.4 | 0.00 | Dec 9, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0. | ||
| CVE-2024-53761 | Med | 0.35 | 5.4 | 0.00 | Dec 2, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in P Roy WP Revisions Manager wp-revisions-manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through <= 1.0.2. | ||
| CVE-2024-53751 | Med | 0.35 | 5.4 | 0.00 | Dec 2, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through <= 1.0.23. | ||
| CVE-2023-0737 | Med | 0.35 | 6.5 | 0.00 | Nov 15, 2024 | wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4. | ||
| CVE-2024-49685 | Med | 0.35 | 5.4 | 0.00 | Oct 31, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Custom Twitter Feeds (Tweets Widget) custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through <= 2.2.3. | ||
| CVE-2024-49274 | Med | 0.35 | 5.4 | 0.00 | Oct 20, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through <= 1.5.7. | ||
| CVE-2024-47634 | Med | 0.35 | 5.4 | 0.00 | Oct 20, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Streamline CartBounty – Save and recover abandoned carts for WooCommerce woo-save-abandoned-carts allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a… | ||
| CVE-2024-49304 | Med | 0.35 | 5.4 | 0.00 | Oct 17, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7. | ||
| CVE-2024-48037 | Med | 0.35 | 5.4 | 0.00 | Oct 17, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.4.2. | ||
| CVE-2024-47635 | Med | 0.35 | 5.4 | 0.00 | Oct 5, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG TinyPNG tiny-compress-images allows Cross Site Request Forgery.This issue affects TinyPNG: from n/a through <= 3.4.3. | ||
| CVE-2024-47315 | Med | 0.35 | 5.4 | 0.00 | Sep 25, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.15.1. | ||
| CVE-2024-43299 | Med | 0.35 | 5.4 | 0.00 | Aug 26, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous SpeedyCache speedycache.This issue affects SpeedyCache: from n/a through <= 1.1.8. | ||
| CVE-2024-42476 | Med | 0.35 | 6.5 | 0.00 | Aug 15, 2024 | In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources… | ||
| CVE-2024-42475 | Med | 0.35 | 6.5 | 0.00 | Aug 15, 2024 | In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the… | ||
| CVE-2024-37923 | Med | 0.35 | 5.4 | 0.00 | Jul 9, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in cliengo Cliengo – Chatbot cliengo allows Cross Site Request Forgery.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4. | ||
| CVE-2024-38344 | Med | 0.35 | 5.4 | 0.00 | Jul 4, 2024 | A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may… | ||
| CVE-2024-35657 | Med | 0.35 | 5.4 | 0.00 | Jun 8, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6. | ||
| CVE-2024-1446 | Med | 0.35 | 5.4 | 0.00 | May 22, 2024 | The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for… |
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp. DTC Documents dtc-documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through <= 1.1.05.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <=…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in P Roy WP Revisions Manager wp-revisions-manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through <= 1.0.2.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through <= 1.0.23.
- risk 0.35cvss 6.5epss 0.00
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Custom Twitter Feeds (Tweets Widget) custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through <= 2.2.3.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak allows Cross Site Request Forgery.This issue affects VOD Infomaniak: from n/a through <= 1.5.7.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Streamline CartBounty – Save and recover abandoned carts for WooCommerce woo-save-abandoned-carts allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.5.7.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.4.2.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG TinyPNG tiny-compress-images allows Cross Site Request Forgery.This issue affects TinyPNG: from n/a through <= 3.4.3.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.15.1.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous SpeedyCache speedycache.This issue affects SpeedyCache: from n/a through <= 1.1.8.
- risk 0.35cvss 6.5epss 0.00
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources…
- risk 0.35cvss 6.5epss 0.00
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in cliengo Cliengo – Chatbot cliengo allows Cross Site Request Forgery.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4.
- risk 0.35cvss 5.4epss 0.00
A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6.
- risk 0.35cvss 5.4epss 0.00
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for…