CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 156 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14165 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to… | ||
| CVE-2025-14162 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugin_create_option' and 'BMLTPlugin_delete_option ' action. This makes it possible for… | ||
| CVE-2025-14161 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'truefy_embed_options_update' settings update action. This makes it possible for unauthenticated… | ||
| CVE-2025-14158 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update plugin… | ||
| CVE-2025-14062 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for… | ||
| CVE-2025-13987 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'sup_pt_handle_deletion' function. This makes it possible for unauthenticated attackers… | ||
| CVE-2025-13408 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtool_login_google()… | ||
| CVE-2025-13366 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the… | ||
| CVE-2025-13363 | Med | 0.28 | 4.3 | 0.00 | Dec 12, 2025 | The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update… | ||
| CVE-2025-13924 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | The Advanced Product Fields (Product Addons) for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybe_duplicate' function. This makes it… | ||
| CVE-2023-22675 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5. | ||
| CVE-2025-67598 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1. | ||
| CVE-2025-67596 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19. | ||
| CVE-2025-67595 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82. | ||
| CVE-2025-67591 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1. | ||
| CVE-2025-67590 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3. | ||
| CVE-2025-67473 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in codeworkweb CWW Companion cww-companion allows Cross Site Request Forgery.This issue affects CWW Companion: from n/a through <= 1.3.2. | ||
| CVE-2025-67472 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <=… | ||
| CVE-2025-67471 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through <= 8.2.5. | ||
| CVE-2025-67469 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery.This issue affects PDF Thumbnail Generator: from n/a through <= 1.4. |
- risk 0.28cvss 4.3epss 0.00
The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. This is due to missing nonce validation on the plugin's settings page. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.00
The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugin_create_option' and 'BMLTPlugin_delete_option ' action. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'truefy_embed_options_update' settings update action. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update plugin…
- risk 0.28cvss 4.3epss 0.00
The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'sup_pt_handle_deletion' function. This makes it possible for unauthenticated attackers…
- risk 0.28cvss 4.3epss 0.00
The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtool_login_google()…
- risk 0.28cvss 4.3epss 0.00
The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the…
- risk 0.28cvss 4.3epss 0.00
The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update…
- risk 0.28cvss 4.3epss 0.00
The Advanced Product Fields (Product Addons) for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybe_duplicate' function. This makes it…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in codeworkweb CWW Companion cww-companion allows Cross Site Request Forgery.This issue affects CWW Companion: from n/a through <= 1.3.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <=…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through <= 8.2.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery.This issue affects PDF Thumbnail Generator: from n/a through <= 1.4.