CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 144 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2024-37240	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage falang allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through <= 1.3.51.
CVE-2024-37238	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery.This issue affects WPAdverts: from n/a through <= 2.1.2.
CVE-2024-37236	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Tim W Loco Translate loco-translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through <= 2.6.9.
CVE-2024-37235	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Adrian Tobey Groundhogg groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through <= 3.4.2.3.
CVE-2024-37104	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in raratheme Chic Lite chic-lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through <= 1.1.3.
CVE-2024-37103	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in raratheme Education Zone education-zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through <= 1.3.4.
CVE-2024-37102	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vilva vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through <= 1.2.2.
CVE-2024-37093	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through <= 3.2.1.
CVE-2024-56229	Med	0.28	4.3	Dec 31, 2024	Cross-Site Request Forgery (CSRF) vulnerability in SearchIQ SearchIQ searchiq.This issue affects SearchIQ: from n/a through <= 4.6.
CVE-2024-56218	Med	0.28	4.3	Dec 31, 2024	Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.1.
CVE-2024-12636	Med	0.28	4.3	Dec 25, 2024	The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'create_popup_delete_process' function. This makes it possible for unauthenticated attackers to delete popups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-54357	Med	0.28	4.3	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
CVE-2024-54396	Med	0.28	4.3	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in elmervillanueva Bet sport Free bet-sport-free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through <= 1.0.0.
CVE-2024-54355	Med	0.28	4.3	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
CVE-2024-37251	Med	0.28	4.3	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.
CVE-2024-54321	Med	0.28	4.3	Dec 13, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2.
CVE-2024-54307	Med	0.28	4.3	Dec 13, 2024	Cross-Site Request Forgery (CSRF) vulnerability in aipost AIcomments aicomments allows Cross Site Request Forgery.This issue affects AIcomments: from n/a through <= 1.4.1.
CVE-2024-54306	Med	0.28	4.3	Dec 13, 2024	Cross-Site Request Forgery (CSRF) vulnerability in aitool AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot ai-seo-translator allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through <= 1.6.2.
CVE-2024-54300	Med	0.28	4.3	Dec 13, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through <= 2.0.8.
CVE-2024-12526	Med	0.28	4.3	Dec 12, 2024	The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2024-37240MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage falang allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through <= 1.3.51.
CVE-2024-37238MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery.This issue affects WPAdverts: from n/a through <= 2.1.2.
CVE-2024-37236MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Tim W Loco Translate loco-translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through <= 2.6.9.
CVE-2024-37235MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Tobey Groundhogg groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through <= 3.4.2.3.
CVE-2024-37104MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Chic Lite chic-lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through <= 1.1.3.
CVE-2024-37103MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Education Zone education-zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through <= 1.3.4.
CVE-2024-37102MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vilva vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through <= 1.2.2.
CVE-2024-37093MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through <= 3.2.1.
CVE-2024-56229MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SearchIQ SearchIQ searchiq.This issue affects SearchIQ: from n/a through <= 4.6.
CVE-2024-56218MedDec 31, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.1.
CVE-2024-12636MedDec 25, 2024
risk 0.28cvss 4.3epss 0.00
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'create_popup_delete_process' function. This makes it possible for unauthenticated attackers to delete popups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-54357MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
CVE-2024-54396MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in elmervillanueva Bet sport Free bet-sport-free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through <= 1.0.0.
CVE-2024-54355MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
CVE-2024-37251MedDec 16, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.
CVE-2024-54321MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2.
CVE-2024-54307MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in aipost AIcomments aicomments allows Cross Site Request Forgery.This issue affects AIcomments: from n/a through <= 1.4.1.
CVE-2024-54306MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in aitool AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot ai-seo-translator allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through <= 1.6.2.
CVE-2024-54300MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through <= 2.0.8.
CVE-2024-12526MedDec 12, 2024
risk 0.28cvss 4.3epss 0.00
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.