CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 138 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-28940	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top backtotop allows Cross Site Request Forgery.This issue affects Back To Top: from n/a through <= 2.0.
CVE-2025-28927	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name display-template-name allows Cross Site Request Forgery.This issue affects Display Template Name: from n/a through <= 1.7.1.
CVE-2025-28913	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item wp-add-active-class-to-menu-item allows Cross Site Request Forgery.This issue affects WP Add Active Class To Menu Item: from n/a through <= 1.0.
CVE-2025-28912	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page custom-dashboard-page allows Cross Site Request Forgery.This issue affects Custom Dashboard Page: from n/a through <= 1.0.
CVE-2025-28910	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery.This issue affects WP Hide Admin Bar: from n/a through <= 2.0.
CVE-2025-28909	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question wp-no-bot-question allows Cross Site Request Forgery.This issue affects WP No-Bot Question: from n/a through <= 0.1.7.
CVE-2025-28902	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery.This issue affects Contact Form 7 Select Box Editor Button: from n/a through <= 0.6.
CVE-2025-28887	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery.This issue affects Plugins Last Updated Column: from n/a through <= 0.1.3.
CVE-2025-28886	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery.This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2.
CVE-2025-28884	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator wp-bulk-post-duplicator allows Cross Site Request Forgery.This issue affects WP Bulk Post Duplicator: from n/a through <= 1.2.
CVE-2025-28881	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes wp-mobile-themes allows Cross Site Request Forgery.This issue affects Mobile Themes: from n/a through <= 1.1.1.
CVE-2025-28876	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official official-skrill-woocommerce allows Cross Site Request Forgery.This issue affects Skrill Official: from n/a through <= 1.0.66.
CVE-2025-28868	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe ziplist-recipe-plugin allows Cross Site Request Forgery.This issue affects ZipList Recipe: from n/a through <= 3.1.
CVE-2025-28867	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter frontpage-category-filter allows Cross Site Request Forgery.This issue affects Frontpage category filter: from n/a through <= 1.0.2.
CVE-2025-28866	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger login-logger allows Cross Site Request Forgery.This issue affects Login Logger: from n/a through <= 1.2.1.
CVE-2025-28864	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in planetstudio Builder for Contact Form 7 by Webconstruct cf7-builder allows Cross Site Request Forgery.This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through <= 1.2.2.
CVE-2025-28863	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image delete-original-image allows Cross Site Request Forgery.This issue affects Delete Original Image: from n/a through <= 0.4.
CVE-2025-28862	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery.This issue affects Comment Date and Gravatar remover: from n/a through <= 1.0.
CVE-2025-28859	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice maintenance-notice allows Cross Site Request Forgery.This issue affects Maintenance Notice: from n/a through <= 1.0.6.
CVE-2025-28856	Med	0.28	4.3	Mar 11, 2025	Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats blog-stats-by-w3counter allows Cross Site Request Forgery.This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1.

CVE-2025-28940MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top backtotop allows Cross Site Request Forgery.This issue affects Back To Top: from n/a through <= 2.0.
CVE-2025-28927MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name display-template-name allows Cross Site Request Forgery.This issue affects Display Template Name: from n/a through <= 1.7.1.
CVE-2025-28913MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item wp-add-active-class-to-menu-item allows Cross Site Request Forgery.This issue affects WP Add Active Class To Menu Item: from n/a through <= 1.0.
CVE-2025-28912MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page custom-dashboard-page allows Cross Site Request Forgery.This issue affects Custom Dashboard Page: from n/a through <= 1.0.
CVE-2025-28910MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery.This issue affects WP Hide Admin Bar: from n/a through <= 2.0.
CVE-2025-28909MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question wp-no-bot-question allows Cross Site Request Forgery.This issue affects WP No-Bot Question: from n/a through <= 0.1.7.
CVE-2025-28902MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery.This issue affects Contact Form 7 Select Box Editor Button: from n/a through <= 0.6.
CVE-2025-28887MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery.This issue affects Plugins Last Updated Column: from n/a through <= 0.1.3.
CVE-2025-28886MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery.This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2.
CVE-2025-28884MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator wp-bulk-post-duplicator allows Cross Site Request Forgery.This issue affects WP Bulk Post Duplicator: from n/a through <= 1.2.
CVE-2025-28881MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes wp-mobile-themes allows Cross Site Request Forgery.This issue affects Mobile Themes: from n/a through <= 1.1.1.
CVE-2025-28876MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official official-skrill-woocommerce allows Cross Site Request Forgery.This issue affects Skrill Official: from n/a through <= 1.0.66.
CVE-2025-28868MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe ziplist-recipe-plugin allows Cross Site Request Forgery.This issue affects ZipList Recipe: from n/a through <= 3.1.
CVE-2025-28867MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter frontpage-category-filter allows Cross Site Request Forgery.This issue affects Frontpage category filter: from n/a through <= 1.0.2.
CVE-2025-28866MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger login-logger allows Cross Site Request Forgery.This issue affects Login Logger: from n/a through <= 1.2.1.
CVE-2025-28864MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in planetstudio Builder for Contact Form 7 by Webconstruct cf7-builder allows Cross Site Request Forgery.This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through <= 1.2.2.
CVE-2025-28863MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image delete-original-image allows Cross Site Request Forgery.This issue affects Delete Original Image: from n/a through <= 0.4.
CVE-2025-28862MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery.This issue affects Comment Date and Gravatar remover: from n/a through <= 1.0.
CVE-2025-28859MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice maintenance-notice allows Cross Site Request Forgery.This issue affects Maintenance Notice: from n/a through <= 1.0.6.
CVE-2025-28856MedMar 11, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats blog-stats-by-w3counter allows Cross Site Request Forgery.This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1.