VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 161 of 286
  • CVE-2025-9889MedOct 3, 2025
    risk 0.28cvss 4.3epss 0.00

    The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the cmx_activate_connection function. This makes it possible for unauthenticated…

  • CVE-2025-9885MedOct 3, 2025
    risk 0.28cvss 4.3epss 0.00

    The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This…

  • CVE-2025-9630MedOct 3, 2025
    risk 0.28cvss 4.3epss 0.00

    The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the sinotype_config function. This makes it possible for unauthenticated attackers to modify…

  • CVE-2025-8669MedOct 3, 2025
    risk 0.28cvss 4.3epss 0.00

    The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization…

  • CVE-2025-10311MedOct 3, 2025
    risk 0.28cvss 4.3epss 0.00

    The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated…

  • CVE-2025-10309MedOct 3, 2025
    risk 0.28cvss 4.3epss 0.00

    The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create…

  • CVE-2025-10302MedOct 3, 2025
    risk 0.28cvss 4.3epss 0.00

    The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on thesave_options() function. This makes it possible for unauthenticated attackers to update…

  • CVE-2025-9948MedSep 30, 2025
    risk 0.28cvss 4.3epss 0.00

    The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated attackers to modify…

  • CVE-2025-9944MedSep 27, 2025
    risk 0.28cvss 4.3epss 0.00

    The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watch_for_contact_form_submit function. This makes it possible for…

  • CVE-2025-9898MedSep 27, 2025
    risk 0.28cvss 4.3epss 0.00

    The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cforms_api function. This makes it possible for unauthenticated…

  • CVE-2025-9896MedSep 27, 2025
    risk 0.28cvss 4.3epss 0.00

    The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin…

  • CVE-2025-9894MedSep 27, 2025
    risk 0.28cvss 4.3epss 0.00

    The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger…

  • CVE-2025-9893MedSep 27, 2025
    risk 0.28cvss 4.3epss 0.00

    The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vm_set_to_default function. This makes it possible for unauthenticated attackers…

  • CVE-2025-11029MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.…

  • CVE-2025-60145MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2.

  • CVE-2025-60139MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02.

  • CVE-2025-60137MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7.

  • CVE-2025-60117MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core vehica-core allows Cross Site Request Forgery.This issue affects Vehica Core: from n/a through <= 1.0.100.

  • CVE-2025-60115MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin instapage allows Cross Site Request Forgery.This issue affects Instapage Plugin: from n/a through <= 3.7.0.

  • CVE-2025-60113MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through <= 1.4.3.