VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 134 of 286
  • CVE-2023-25015MedFeb 2, 2023
    risk 0.35cvss 6.5epss 0.00

    Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.

  • CVE-2023-24457MedJan 26, 2023
    risk 0.35cvss 6.5epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.

  • CVE-2023-24423MedJan 26, 2023
    risk 0.35cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.

  • CVE-2023-0438MedJan 23, 2023
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2023-0403MedJan 19, 2023
    risk 0.35cvss 5.4epss 0.00

    The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta…

  • CVE-2023-0398MedJan 19, 2023
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2023-0086MedJan 5, 2023
    risk 0.35cvss 5.4epss 0.00

    The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's…

  • CVE-2022-4850MedDec 29, 2022
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4849MedDec 29, 2022
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4846MedDec 29, 2022
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2022-4646MedDec 22, 2022
    risk 0.35cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4.

  • CVE-2022-46688MedDec 12, 2022
    risk 0.35cvss 6.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through…

  • CVE-2022-45824MedDec 5, 2022
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress.

  • CVE-2022-4220MedDec 2, 2022
    risk 0.35cvss 5.4epss 0.00

    The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_questions() function. This makes it possible for unauthenticated attackers to delete questions from…

  • CVE-2022-4219MedDec 2, 2022
    risk 0.35cvss 5.4epss 0.00

    The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage() function. This makes it possible for unauthenticated attackers to delete submitted quiz responses…

  • CVE-2022-4218MedDec 2, 2022
    risk 0.35cvss 5.4epss 0.00

    The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the list_quizzes() function. This makes it possible for unauthenticated attackers to delete quizzes and copy…

  • CVE-2022-41685MedNov 18, 2022
    risk 0.35cvss 5.4epss 0.00

    Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <= 1.9.0.2 on WordPress.

  • CVE-2022-36404MedNov 3, 2022
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

  • CVE-2022-43408MedOct 19, 2022
    risk 0.35cvss 6.5epss 0.00

    Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would…

  • CVE-2022-38079MedSep 23, 2022
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress.