CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 149 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4968 | Med | 0.28 | 4.3 | 0.00 | Mar 27, 2026 | A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and… | ||
| CVE-2026-4393 | Med | 0.28 | 4.3 | 0.00 | Mar 26, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2. | ||
| CVE-2026-3211 | Med | 0.28 | 4.3 | 0.00 | Mar 25, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1. | ||
| CVE-2026-4143 | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncff_add_plugin_page() function which handles settings updates. This makes it possible for… | ||
| CVE-2026-3332 | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the `xms_setting()` function on the settings update handler. This makes it possible for… | ||
| CVE-2026-3331 | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourty_slider_options_page function. This makes it possible for unauthenticated… | ||
| CVE-2026-1503 | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The login_register plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0. This is due to missing nonce validation on the settings page and insufficient input sanitization and output escaping on… | ||
| CVE-2026-1393 | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for… | ||
| CVE-2026-1392 | — | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the sr_minify_html_theme() function. This makes it possible for unauthenticated attackers to update plugin… | |
| CVE-2026-1390 | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the `countdown_settings_content()` function. This makes it possible for unauthenticated attackers to… | ||
| CVE-2026-1378 | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the `cpt_plugin_options()` function. This makes it possible for unauthenticated attackers to update the… | ||
| CVE-2026-4068 | Med | 0.28 | 4.3 | 0.00 | Mar 19, 2026 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a… | ||
| CVE-2026-29521 | Med | 0.28 | 4.3 | 0.00 | Mar 16, 2026 | Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using… | ||
| CVE-2017-20221 | Med | 0.28 | 4.3 | 0.00 | Mar 16, 2026 | Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform… | ||
| CVE-2016-20028 | Med | 0.28 | 4.3 | 0.00 | Mar 16, 2026 | ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity… | ||
| CVE-2026-32456 | — | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1. | |
| CVE-2026-32344 | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96. | ||
| CVE-2026-32343 | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through <= 2.0.80. | ||
| CVE-2026-32342 | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2. | ||
| CVE-2026-32330 | — | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37. |
- risk 0.28cvss 4.3epss 0.00
A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.
- risk 0.28cvss 4.3epss 0.00
The Neos Connector for Fakturama plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.0.14. This is due to missing nonce validation in the ncff_add_plugin_page() function which handles settings updates. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the `xms_setting()` function on the settings update handler. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourty_slider_options_page function. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
The login_register plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0. This is due to missing nonce validation on the settings page and insufficient input sanitization and output escaping on…
- risk 0.28cvss 4.3epss 0.00
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the sr_minify_html_theme() function. This makes it possible for unauthenticated attackers to update plugin…
- risk 0.28cvss 4.3epss 0.00
The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the `countdown_settings_content()` function. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.00
The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the `cpt_plugin_options()` function. This makes it possible for unauthenticated attackers to update the…
- risk 0.28cvss 4.3epss 0.00
The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a…
- risk 0.28cvss 4.3epss 0.00
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using…
- risk 0.28cvss 4.3epss 0.00
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform…
- risk 0.28cvss 4.3epss 0.00
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through <= 2.0.80.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.