CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 161 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9889 | Med | 0.28 | 4.3 | 0.00 | Oct 3, 2025 | The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the cmx_activate_connection function. This makes it possible for unauthenticated… | ||
| CVE-2025-9885 | Med | 0.28 | 4.3 | 0.00 | Oct 3, 2025 | The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This… | ||
| CVE-2025-9630 | Med | 0.28 | 4.3 | 0.00 | Oct 3, 2025 | The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the sinotype_config function. This makes it possible for unauthenticated attackers to modify… | ||
| CVE-2025-8669 | Med | 0.28 | 4.3 | 0.00 | Oct 3, 2025 | The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization… | ||
| CVE-2025-10311 | Med | 0.28 | 4.3 | 0.00 | Oct 3, 2025 | The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated… | ||
| CVE-2025-10309 | Med | 0.28 | 4.3 | 0.00 | Oct 3, 2025 | The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create… | ||
| CVE-2025-10302 | Med | 0.28 | 4.3 | 0.00 | Oct 3, 2025 | The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on thesave_options() function. This makes it possible for unauthenticated attackers to update… | ||
| CVE-2025-9948 | Med | 0.28 | 4.3 | 0.00 | Sep 30, 2025 | The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated attackers to modify… | ||
| CVE-2025-9944 | Med | 0.28 | 4.3 | 0.00 | Sep 27, 2025 | The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watch_for_contact_form_submit function. This makes it possible for… | ||
| CVE-2025-9898 | Med | 0.28 | 4.3 | 0.00 | Sep 27, 2025 | The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cforms_api function. This makes it possible for unauthenticated… | ||
| CVE-2025-9896 | Med | 0.28 | 4.3 | 0.00 | Sep 27, 2025 | The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin… | ||
| CVE-2025-9894 | Med | 0.28 | 4.3 | 0.00 | Sep 27, 2025 | The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger… | ||
| CVE-2025-9893 | Med | 0.28 | 4.3 | 0.00 | Sep 27, 2025 | The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vm_set_to_default function. This makes it possible for unauthenticated attackers… | ||
| CVE-2025-11029 | Med | 0.28 | 4.3 | 0.00 | Sep 26, 2025 | A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.… | ||
| CVE-2025-60145 | Med | 0.28 | 4.3 | 0.00 | Sep 26, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2. | ||
| CVE-2025-60139 | Med | 0.28 | 4.3 | 0.00 | Sep 26, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02. | ||
| CVE-2025-60137 | Med | 0.28 | 4.3 | 0.00 | Sep 26, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7. | ||
| CVE-2025-60117 | Med | 0.28 | 4.3 | 0.00 | Sep 26, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core vehica-core allows Cross Site Request Forgery.This issue affects Vehica Core: from n/a through <= 1.0.100. | ||
| CVE-2025-60115 | Med | 0.28 | 4.3 | 0.00 | Sep 26, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin instapage allows Cross Site Request Forgery.This issue affects Instapage Plugin: from n/a through <= 3.7.0. | ||
| CVE-2025-60113 | Med | 0.28 | 4.3 | 0.00 | Sep 26, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through <= 1.4.3. |
- risk 0.28cvss 4.3epss 0.00
The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the cmx_activate_connection function. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This…
- risk 0.28cvss 4.3epss 0.00
The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the sinotype_config function. This makes it possible for unauthenticated attackers to modify…
- risk 0.28cvss 4.3epss 0.00
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization…
- risk 0.28cvss 4.3epss 0.00
The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation on the options.php file when handling form submissions. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create…
- risk 0.28cvss 4.3epss 0.00
The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on thesave_options() function. This makes it possible for unauthenticated attackers to update…
- risk 0.28cvss 4.3epss 0.00
The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated attackers to modify…
- risk 0.28cvss 4.3epss 0.00
The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watch_for_contact_form_submit function. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cforms_api function. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin…
- risk 0.28cvss 4.3epss 0.00
The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger…
- risk 0.28cvss 4.3epss 0.00
The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vm_set_to_default function. This makes it possible for unauthenticated attackers…
- risk 0.28cvss 4.3epss 0.00
A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core vehica-core allows Cross Site Request Forgery.This issue affects Vehica Core: from n/a through <= 1.0.100.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin instapage allows Cross Site Request Forgery.This issue affects Instapage Plugin: from n/a through <= 3.7.0.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through <= 1.4.3.