VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 133 of 286
  • CVE-2023-0729MedJun 9, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to…

  • CVE-2023-2528MedMay 17, 2023
    risk 0.35cvss 5.4epss 0.00

    The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to…

  • CVE-2023-33006MedMay 16, 2023
    risk 0.35cvss 5.4epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.

  • CVE-2023-29020MedApr 21, 2023
    risk 0.35cvss 6.5epss 0.00

    @fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network…

  • CVE-2023-24377MedFeb 14, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions.

  • CVE-2023-0726MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke…

  • CVE-2023-0725MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke…

  • CVE-2023-0724MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke…

  • CVE-2023-0722MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke…

  • CVE-2023-0685MedFeb 8, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to…

  • CVE-2023-0735MedFeb 7, 2023
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.

  • CVE-2023-0730MedFeb 7, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to…

  • CVE-2023-0727MedFeb 7, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke…

  • CVE-2023-0723MedFeb 7, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke…

  • CVE-2023-0728MedFeb 7, 2023
    risk 0.35cvss 5.4epss 0.00

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke…

  • CVE-2022-2933MedFeb 6, 2023
    risk 0.35cvss 5.4epss 0.01

    The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject…

  • CVE-2022-46842MedFeb 2, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.

  • CVE-2022-46815MedFeb 2, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.

  • CVE-2022-45807MedFeb 2, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions.

  • CVE-2022-40692MedFeb 2, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.