CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,568)

page 129 of 229

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-49291	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58.
CVE-2025-49286	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Cross Site Request Forgery.This issue affects WP Table Builder: from n/a through <= 2.0.6.
CVE-2025-49285	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Cross Site Request Forgery.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 3.8.0.
CVE-2025-49284	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction wp-maintenance-mode-site-under-construction allows Cross Site Request Forgery.This issue affects WP Maintenance Mode & Site Under Construction: from n/a through <= 4.3.
CVE-2025-49283	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant gdpr-compliant-recaptcha-for-all-forms allows Cross Site Request Forgery.This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through <= 4.1.1.
CVE-2025-49273	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Cross Site Request Forgery.This issue affects WP Tools: from n/a through <= 5.24.
CVE-2025-49269	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter market-exporter allows Cross Site Request Forgery.This issue affects Market Exporter: from n/a through <= 2.0.22.
CVE-2025-49238	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Cross Site Request Forgery.This issue affects Everest Backup: from n/a through <= 2.3.3.
CVE-2025-30994	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Cross Site Request Forgery.This issue affects CubeWP: from n/a through <= 1.1.29.
CVE-2025-30980	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5.
CVE-2025-30956	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental booqable-rental-reservations allows Cross Site Request Forgery.This issue affects Booqable Rental: from n/a through <= 2.4.25.
CVE-2025-30948	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor layouts-for-elementor allows Cross Site Request Forgery.This issue affects Layouts for Elementor: from n/a through <= 1.11.
CVE-2025-30946	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Custom Bulk/Quick Edit custom-bulkquick-edit allows Cross Site Request Forgery.This issue affects Custom Bulk/Quick Edit: from n/a through <= 1.6.10.
CVE-2025-30629	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener codehaveli-bitly-url-shortener allows Cross Site Request Forgery.This issue affects Bitly URL Shortener: from n/a through <= 1.4.1.
CVE-2025-29005	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6.
CVE-2025-28984	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through <= 1.4.1.
CVE-2025-28952	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints cubepoints allows Cross Site Request Forgery.This issue affects CubePoints: from n/a through <= 3.2.1.
CVE-2025-27360	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through <= 1.4.9.
CVE-2025-27359	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n/a through <= 2.3.1.
CVE-2025-26593	Med	0.28	4.3	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Cross Site Request Forgery.This issue affects FastBook: from n/a through <= 1.1.

CVE-2025-49291MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58.
CVE-2025-49286MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Cross Site Request Forgery.This issue affects WP Table Builder: from n/a through <= 2.0.6.
CVE-2025-49285MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Cross Site Request Forgery.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 3.8.0.
CVE-2025-49284MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction wp-maintenance-mode-site-under-construction allows Cross Site Request Forgery.This issue affects WP Maintenance Mode & Site Under Construction: from n/a through <= 4.3.
CVE-2025-49283MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant gdpr-compliant-recaptcha-for-all-forms allows Cross Site Request Forgery.This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through <= 4.1.1.
CVE-2025-49273MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in sminozzi WP Tools wptools allows Cross Site Request Forgery.This issue affects WP Tools: from n/a through <= 5.24.
CVE-2025-49269MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter market-exporter allows Cross Site Request Forgery.This issue affects Market Exporter: from n/a through <= 2.0.22.
CVE-2025-49238MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Cross Site Request Forgery.This issue affects Everest Backup: from n/a through <= 2.3.3.
CVE-2025-30994MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Cross Site Request Forgery.This issue affects CubeWP: from n/a through <= 1.1.29.
CVE-2025-30980MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5.
CVE-2025-30956MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental booqable-rental-reservations allows Cross Site Request Forgery.This issue affects Booqable Rental: from n/a through <= 2.4.25.
CVE-2025-30948MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor layouts-for-elementor allows Cross Site Request Forgery.This issue affects Layouts for Elementor: from n/a through <= 1.11.
CVE-2025-30946MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Custom Bulk/Quick Edit custom-bulkquick-edit allows Cross Site Request Forgery.This issue affects Custom Bulk/Quick Edit: from n/a through <= 1.6.10.
CVE-2025-30629MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener codehaveli-bitly-url-shortener allows Cross Site Request Forgery.This issue affects Bitly URL Shortener: from n/a through <= 1.4.1.
CVE-2025-29005MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Cross Site Request Forgery.This issue affects HR Management Lite: from n/a through <= 3.6.
CVE-2025-28984MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce subscriptions-renewal-reminders allows Cross Site Request Forgery.This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through <= 1.4.1.
CVE-2025-28952MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints cubepoints allows Cross Site Request Forgery.This issue affects CubePoints: from n/a through <= 3.2.1.
CVE-2025-27360MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Cross Site Request Forgery.This issue affects Quick Event Calendar: from n/a through <= 1.4.9.
CVE-2025-27359MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager wp-media-file-type-manager allows Cross Site Request Forgery.This issue affects WP Media File Type Manager: from n/a through <= 2.3.1.
CVE-2025-26593MedJun 6, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Cross Site Request Forgery.This issue affects FastBook: from n/a through <= 1.1.