VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 162 of 286
  • CVE-2025-60093MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager download-manager allows Cross Site Request Forgery.This issue affects Download Manager: from n/a through <= 3.3.24.

  • CVE-2025-58914MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer di-themes-demo-site-importer allows Cross Site Request Forgery.This issue affects Di Themes Demo Site Importer: from n/a through <= 1.2.

  • CVE-2025-10752MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow.…

  • CVE-2025-59568MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow zoho-flow allows Cross Site Request Forgery.This issue affects Zoho Flow: from n/a through <= 2.14.1.

  • CVE-2025-58675MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site interact-quiz-embed allows Cross Site Request Forgery.This issue affects Interact: Embed A Quiz On Your Site: from n/a through <= 3.1.

  • CVE-2025-58236MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Mayo Moriyama Force Update Translations force-update-translations allows Cross Site Request Forgery.This issue affects Force Update Translations: from n/a through <= 0.5.

  • CVE-2025-58219MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery.This issue affects Show Pages List: from n/a through <= 1.2.0.

  • CVE-2025-58200MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery.This issue affects Flexible FAQ: from n/a through <= 0.2.

  • CVE-2025-58032MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Bytes.co WP Compiler wp-compiler allows Cross Site Request Forgery.This issue affects WP Compiler: from n/a through <= 1.0.0.

  • CVE-2025-58014MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.64.

  • CVE-2025-58010MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert sv-provenexpert allows Cross Site Request Forgery.This issue affects SV Proven Expert: from n/a through <= 2.0.06.

  • CVE-2025-57992MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP mail-baby-smtp allows Cross Site Request Forgery.This issue affects Mail Baby SMTP: from n/a through <= 2.8.

  • CVE-2025-57978MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in themespride Advanced Appointment Booking & Scheduling advanced-appointment-booking-scheduling allows Cross Site Request Forgery.This issue affects Advanced Appointment Booking & Scheduling: from n/a through <= 2.1.

  • CVE-2025-57970MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Cross Site Request Forgery.This issue affects SALESmanago & Leadoo: from n/a through <= 3.8.1.

  • CVE-2025-57960MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Travel Map travelmap-blog allows Cross Site Request Forgery.This issue affects Travel Map: from n/a through <= 1.0.3.

  • CVE-2025-57942MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset emergency-password-reset allows Cross Site Request Forgery.This issue affects Emergency Password Reset: from n/a through <= 9.3.

  • CVE-2025-57934MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS Affiliation lws-affiliation allows Cross Site Request Forgery.This issue affects LWS Affiliation: from n/a through <= 2.3.6.

  • CVE-2025-57933MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Cross Site Request Forgery.This issue affects Piotnet Forms: from n/a through <= 1.0.30.

  • CVE-2025-57930MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation double-the-donation allows Cross Site Request Forgery.This issue affects Double the Donation: from n/a through <= 2.0.0.

  • CVE-2025-57927MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad dashboard-notepad allows Cross Site Request Forgery.This issue affects Dashboard Notepad: from n/a through <= 1.42.