VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 155 of 286
  • CVE-2025-68583MedDec 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through <= 1.4.10.

  • CVE-2025-68580MedDec 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9.

  • CVE-2025-68529MedDec 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through <= 3.12.5.

  • CVE-2025-67625MedDec 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through <= 3.14.

  • CVE-2025-62880MedDec 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Kunal Custom 404 Pro custom-404-pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through <= 3.12.0.

  • CVE-2025-62107MedDec 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page feather-login-page allows Cross Site Request Forgery.This issue affects Feather Login Page: from n/a through <= 1.1.7.

  • CVE-2025-13361MedDec 21, 2025
    risk 0.28cvss 4.3epss 0.00

    The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to…

  • CVE-2025-14168MedDec 20, 2025
    risk 0.28cvss 4.3epss 0.00

    The WP DB Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the cleanup_all AJAX action. This makes it possible for unauthenticated attackers to delete database records…

  • CVE-2025-14164MedDec 20, 2025
    risk 0.28cvss 4.3epss 0.00

    The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the quran_gateway_options function. This makes it possible for unauthenticated attackers to modify the…

  • CVE-2025-64700MedDec 17, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations.

  • CVE-2025-64240MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross Site Request Forgery.This issue affects Freshchat: from n/a through <= 2.3.4.

  • CVE-2025-64239MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross Site Request Forgery.This issue affects RTL Tester: from n/a through <= 1.2.

  • CVE-2025-64237MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.

  • CVE-2025-59009MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5.

  • CVE-2025-58999MedDec 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a…

  • CVE-2025-14462MedDec 13, 2025
    risk 0.28cvss 4.3epss 0.00

    The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin…

  • CVE-2025-14394MedDec 13, 2025
    risk 0.28cvss 4.3epss 0.00

    The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged…

  • CVE-2025-14159MedDec 12, 2025
    risk 0.28cvss 4.3epss 0.00

    The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ays_sccp_results_export_file' AJAX action. This makes it possible…

  • CVE-2025-10684MedDec 12, 2025
    risk 0.28cvss 4.3epss 0.00

    The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary .

  • CVE-2025-14391MedDec 12, 2025
    risk 0.28cvss 4.3epss 0.00

    The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a…