CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 135 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-31769	Med	0.28	4.3	Apr 1, 2025	Cross-Site Request Forgery (CSRF) vulnerability in NiteoThemes CLP – Custom Login Page by NiteoThemes clp-custom-login-page allows Cross Site Request Forgery.This issue affects CLP – Custom Login Page by NiteoThemes: from n/a through <= 1.5.5.
CVE-2025-31763	Med	0.28	4.3	Apr 1, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Cross Site Request Forgery.This issue affects Cache control by Cacholong: from n/a through <= 5.4.1.
CVE-2025-31756	Med	0.28	4.3	Apr 1, 2025	Cross-Site Request Forgery (CSRF) vulnerability in tuyennv TZ PlusGallery tz-plus-gallery allows Cross Site Request Forgery.This issue affects TZ PlusGallery: from n/a through <= 1.5.5.
CVE-2025-3037	Med	0.28	4.3	Mar 31, 2025	A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVE-2025-31602	Med	0.28	4.3	Mar 31, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.1.
CVE-2025-31600	Med	0.28	4.3	Mar 31, 2025	Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO designo allows Cross Site Request Forgery.This issue affects DesignO: from n/a through <= 2.6.0.
CVE-2025-31572	Med	0.28	4.3	Mar 31, 2025	Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar dragon-calendar-free-version allows Cross Site Request Forgery.This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through <= 1.1.3.
CVE-2025-31410	Med	0.28	4.3	Mar 31, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation wp-church-donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through <= 1.7.
CVE-2025-31010	Med	0.28	4.3	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Cross Site Request Forgery.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.0.5.
CVE-2025-31474	Med	0.28	4.3	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Cross Site Request Forgery.This issue affects WP Database Optimizer: from n/a through <= 1.2.1.3.
CVE-2025-31456	Med	0.28	4.3	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker ultimate-security-checker allows Cross Site Request Forgery.This issue affects Ultimate Security Checker: from n/a through <= 4.2.
CVE-2025-31438	Med	0.28	4.3	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized wp-supersized allows Cross Site Request Forgery.This issue affects WP Supersized: from n/a through <= 3.1.6.
CVE-2025-31079	Med	0.28	4.3	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven usermaven allows Cross Site Request Forgery.This issue affects Usermaven: from n/a through <= 1.2.1.
CVE-2025-22637	Med	0.28	4.3	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in verkkovaraani Print PDF Generator and Publisher nopeamedia allows Cross Site Request Forgery.This issue affects Print PDF Generator and Publisher: from n/a through <= 1.2.0.
CVE-2025-22669	Med	0.28	4.3	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Cross Site Request Forgery.This issue affects Awesome Event Booking: from n/a through <= 2.7.5.
CVE-2025-30923	Med	0.28	4.3	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce gift-message-for-woocommerce allows Cross Site Request Forgery.This issue affects Gift Message for WooCommerce: from n/a through <= 1.7.8.
CVE-2025-30888	Med	0.28	4.3	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Cross Site Request Forgery.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.1.
CVE-2025-30872	Med	0.28	4.3	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Nitin Prakash Product Author for WooCommerce wc-product-author allows Cross Site Request Forgery.This issue affects Product Author for WooCommerce: from n/a through <= 1.0.7.
CVE-2025-30865	Med	0.28	4.3	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite 3dprint-lite allows Cross Site Request Forgery.This issue affects 3DPrint Lite: from n/a through <= 2.1.3.5.
CVE-2025-30863	Med	0.28	4.3	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms integration-for-contact-form-7-and-google-sheets allows Cross Site Request Forgery.This issue affects Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.0.9.

CVE-2025-31769MedApr 1, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in NiteoThemes CLP – Custom Login Page by NiteoThemes clp-custom-login-page allows Cross Site Request Forgery.This issue affects CLP – Custom Login Page by NiteoThemes: from n/a through <= 1.5.5.
CVE-2025-31763MedApr 1, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Cross Site Request Forgery.This issue affects Cache control by Cacholong: from n/a through <= 5.4.1.
CVE-2025-31756MedApr 1, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in tuyennv TZ PlusGallery tz-plus-gallery allows Cross Site Request Forgery.This issue affects TZ PlusGallery: from n/a through <= 1.5.5.
CVE-2025-3037MedMar 31, 2025
risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVE-2025-31602MedMar 31, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.1.
CVE-2025-31600MedMar 31, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO designo allows Cross Site Request Forgery.This issue affects DesignO: from n/a through <= 2.6.0.
CVE-2025-31572MedMar 31, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar dragon-calendar-free-version allows Cross Site Request Forgery.This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through <= 1.1.3.
CVE-2025-31410MedMar 31, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation wp-church-donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through <= 1.7.
CVE-2025-31010MedMar 28, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Cross Site Request Forgery.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.0.5.
CVE-2025-31474MedMar 28, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Cross Site Request Forgery.This issue affects WP Database Optimizer: from n/a through <= 1.2.1.3.
CVE-2025-31456MedMar 28, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in bsndev Ultimate Security Checker ultimate-security-checker allows Cross Site Request Forgery.This issue affects Ultimate Security Checker: from n/a through <= 4.2.
CVE-2025-31438MedMar 28, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized wp-supersized allows Cross Site Request Forgery.This issue affects WP Supersized: from n/a through <= 3.1.6.
CVE-2025-31079MedMar 28, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven usermaven allows Cross Site Request Forgery.This issue affects Usermaven: from n/a through <= 1.2.1.
CVE-2025-22637MedMar 27, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in verkkovaraani Print PDF Generator and Publisher nopeamedia allows Cross Site Request Forgery.This issue affects Print PDF Generator and Publisher: from n/a through <= 1.2.0.
CVE-2025-22669MedMar 27, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Cross Site Request Forgery.This issue affects Awesome Event Booking: from n/a through <= 2.7.5.
CVE-2025-30923MedMar 27, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce gift-message-for-woocommerce allows Cross Site Request Forgery.This issue affects Gift Message for WooCommerce: from n/a through <= 1.7.8.
CVE-2025-30888MedMar 27, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Cross Site Request Forgery.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.1.
CVE-2025-30872MedMar 27, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Prakash Product Author for WooCommerce wc-product-author allows Cross Site Request Forgery.This issue affects Product Author for WooCommerce: from n/a through <= 1.0.7.
CVE-2025-30865MedMar 27, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite 3dprint-lite allows Cross Site Request Forgery.This issue affects 3DPrint Lite: from n/a through <= 2.1.3.5.
CVE-2025-30863MedMar 27, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms integration-for-contact-form-7-and-google-sheets allows Cross Site Request Forgery.This issue affects Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.0.9.