CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 134 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-25015 | — | Med | 0.35 | 6.5 | 0.00 | Feb 2, 2023 | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | |
| CVE-2023-24457 | Med | 0.35 | 6.5 | 0.01 | Jan 26, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. | ||
| CVE-2023-24423 | Med | 0.35 | 6.5 | 0.00 | Jan 26, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. | ||
| CVE-2023-0438 | Med | 0.35 | 6.5 | 0.00 | Jan 23, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||
| CVE-2023-0403 | Med | 0.35 | 5.4 | 0.00 | Jan 19, 2023 | The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta… | ||
| CVE-2023-0398 | Med | 0.35 | 6.5 | 0.00 | Jan 19, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. | ||
| CVE-2023-0086 | Med | 0.35 | 5.4 | 0.00 | Jan 5, 2023 | The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's… | ||
| CVE-2022-4850 | — | Med | 0.35 | 6.5 | 0.00 | Dec 29, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4849 | — | Med | 0.35 | 6.5 | 0.00 | Dec 29, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4846 | — | Med | 0.35 | 6.5 | 0.00 | Dec 29, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. | |
| CVE-2022-4646 | — | Med | 0.35 | 6.5 | 0.00 | Dec 22, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4. | |
| CVE-2022-46688 | Med | 0.35 | 6.5 | 0.00 | Dec 12, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through… | ||
| CVE-2022-45824 | Med | 0.35 | 5.4 | 0.00 | Dec 5, 2022 | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | ||
| CVE-2022-4220 | Med | 0.35 | 5.4 | 0.00 | Dec 2, 2022 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from… | ||
| CVE-2022-4219 | Med | 0.35 | 5.4 | 0.00 | Dec 2, 2022 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses… | ||
| CVE-2022-4218 | Med | 0.35 | 5.4 | 0.00 | Dec 2, 2022 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy… | ||
| CVE-2022-41685 | Med | 0.35 | 5.4 | 0.00 | Nov 18, 2022 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress. | ||
| CVE-2022-36404 | Med | 0.35 | 5.4 | 0.00 | Nov 3, 2022 | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | ||
| CVE-2022-43408 | Med | 0.35 | 6.5 | 0.00 | Oct 19, 2022 | Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would… | ||
| CVE-2022-38079 | Med | 0.35 | 5.4 | 0.00 | Sep 23, 2022 | Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. |
- risk 0.35cvss 6.5epss 0.00
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.
- risk 0.35cvss 6.5epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.
- risk 0.35cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
- risk 0.35cvss 5.4epss 0.00
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta…
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.
- risk 0.35cvss 5.4epss 0.00
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's…
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4.
- risk 0.35cvss 6.5epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.
- risk 0.35cvss 5.4epss 0.00
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from…
- risk 0.35cvss 5.4epss 0.00
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses…
- risk 0.35cvss 5.4epss 0.00
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy…
- risk 0.35cvss 5.4epss 0.00
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.
- risk 0.35cvss 6.5epss 0.00
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would…
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.