VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

Compound · Stable · Likelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 136 of 228
  • CVE-2025-30862 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in sminozzi reCAPTCHA for all recaptcha-for-all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through <= 2.22.

  • CVE-2025-30856 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager custom-field-for-wp-job-manager allows Cross Site Request Forgery. This issue affects Custom Field For WP Job Manager: from n/a through <= 1.4.

  • CVE-2025-30854 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Cross Site Request Forgery. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through <= 2.7.7.

  • CVE-2025-30842 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in pixolette Christmas Panda christmas-panda allows Cross Site Request Forgery. This issue affects Christmas Panda: from n/a through <= 1.0.4.

  • CVE-2025-30833 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D verge3d allows Cross Site Request Forgery. This issue affects Verge3D: from n/a through <= 4.8.2.

  • CVE-2025-30823 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize anthologize allows Cross Site Request Forgery. This issue affects Anthologize: from n/a through <= 0.8.2.

  • CVE-2025-30822 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo ideal-wp-login-logo-changer allows Cross Site Request Forgery. This issue affects Custom Login Logo: from n/a through <= 1.1.7.

  • CVE-2025-30816 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification publish-post-email-notification allows Cross Site Request Forgery. This issue affects publish post email notification: from n/a through <= 1.0.2.3.

  • CVE-2025-30815 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through <= 2.1.8.

  • CVE-2025-30811 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify validar-certificados-de-cursos allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through <= 1.6.1.

  • CVE-2025-30805 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible Cookies flexible-cookies allows Cross Site Request Forgery. This issue affects Flexible Cookies: from n/a through <= 1.1.8.

  • CVE-2025-30804 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in maennchen1.de wpShopGermany IT-RECHT KANZLEI wpshopgermany-it-recht-kanzlei allows Cross Site Request Forgery. This issue affects wpShopGermany IT-RECHT KANZLEI: from n/a through <= 2.0.

  • CVE-2025-30801 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Abu Bakar TWB Woocommerce Reviews twb-woocommerce-reviews allows Cross Site Request Forgery. This issue affects TWB Woocommerce Reviews: from n/a through <= 1.7.7.

  • CVE-2025-30764 · Med · Mar 27, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery. This issue affects Football Pool: from n/a through <= 2.12.2.

  • CVE-2024-13710 · Med · Mar 25, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

  • CVE-2025-1320 · Med · Mar 25, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

  • CVE-2025-30617 · Med · Mar 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite rewrite allows Cross Site Request Forgery. This issue affects Rewrite: from n/a through <= 0.2.1.

  • CVE-2025-30601 · Med · Mar 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System flipdish-ordering-system allows Cross Site Request Forgery. This issue affects Flipdish Ordering System: from n/a through <= 1.5.2.

  • CVE-2025-30598 · Med · Mar 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload oss-upload allows Cross Site Request Forgery. This issue affects OSS Upload: from n/a through <= 4.8.9.

  • CVE-2025-30585 · Med · Mar 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate Post Thumbnails generate-post-thumbnails allows Cross Site Request Forgery. This issue affects Generate Post Thumbnails: from n/a through <= 0.8.