CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 164 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-42923 | Med | 0.28 | 4.3 | 0.00 | Sep 9, 2025 | Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the… | ||
| CVE-2025-27003 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <= 5.7.46. | ||
| CVE-2025-58865 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Admin compact-admin allows Cross Site Request Forgery.This issue affects Compact Admin: from n/a through <= 1.3.3. | ||
| CVE-2025-58831 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6. | ||
| CVE-2025-58804 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout woo-single-page-checkout allows Cross Site Request Forgery.This issue affects WooCommerce Single Page Checkout: from n/a through <= 1.2.7. | ||
| CVE-2025-58802 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration trustmate-io-integration-for-woocommerce allows Cross Site Request Forgery.This issue affects TrustMate.io – WooCommerce integration: from n/a through <= 1.16.0. | ||
| CVE-2025-58800 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery.This issue affects WP Email Template: from n/a through <= 2.8.5. | ||
| CVE-2025-58799 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor add-fields-to-checkout-page-woocommerce allows Cross Site Request Forgery.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through <= 1.3.4. | ||
| CVE-2025-58798 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BCM Duplicate Menu bcm-duplicate-menu allows Cross Site Request Forgery.This issue affects BCM Duplicate Menu: from n/a through <= 1.1.3. | ||
| CVE-2025-58794 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery.This issue affects Notification for Telegram: from n/a through <= 3.5. | ||
| CVE-2025-58792 | Med | 0.28 | 4.3 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List authors-list allows Cross Site Request Forgery.This issue affects Authors List: from n/a through <= 2.0.6.2. | ||
| CVE-2025-9747 | Med | 0.28 | 4.3 | 0.00 | Aug 31, 2025 | A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to… | ||
| CVE-2025-9618 | Med | 0.28 | 4.3 | 0.00 | Aug 30, 2025 | The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to… | ||
| CVE-2025-9374 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2025 | The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags… | ||
| CVE-2025-48363 | Med | 0.28 | 4.3 | 0.00 | Aug 28, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert cf7-sweet-alert-popup allows Cross Site Request Forgery.This issue affects Popup for CF7 with Sweet Alert: from n/a through <= 1.6.5. | ||
| CVE-2025-48318 | Med | 0.28 | 4.3 | 0.00 | Aug 28, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery.This issue affects 多说社会化评论框: from n/a through <= 1.2. | ||
| CVE-2025-48310 | Med | 0.28 | 4.3 | 0.00 | Aug 28, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor wp-table-editor allows Cross Site Request Forgery.This issue affects Table Editor: from n/a through <= 1.6.4. | ||
| CVE-2025-58202 | Med | 0.28 | 4.3 | 0.00 | Aug 27, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction simple-page-access-restriction allows Cross Site Request Forgery.This issue affects Simple Page Access Restriction: from n/a through <= 1.0.32. | ||
| CVE-2025-49040 | Med | 0.28 | 4.3 | 0.00 | Aug 27, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through <= 1.5.0. | ||
| CVE-2025-48303 | Med | 0.28 | 4.3 | 0.00 | Aug 25, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter post-type-converter allows Cross Site Request Forgery.This issue affects Post Type Converter: from n/a through <= 0.6. |
- risk 0.28cvss 4.3epss 0.00
Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <= 5.7.46.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in reimund Compact Admin compact-admin allows Cross Site Request Forgery.This issue affects Compact Admin: from n/a through <= 1.3.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout woo-single-page-checkout allows Cross Site Request Forgery.This issue affects WooCommerce Single Page Checkout: from n/a through <= 1.2.7.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration trustmate-io-integration-for-woocommerce allows Cross Site Request Forgery.This issue affects TrustMate.io – WooCommerce integration: from n/a through <= 1.16.0.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery.This issue affects WP Email Template: from n/a through <= 2.8.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor add-fields-to-checkout-page-woocommerce allows Cross Site Request Forgery.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through <= 1.3.4.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BCM Duplicate Menu bcm-duplicate-menu allows Cross Site Request Forgery.This issue affects BCM Duplicate Menu: from n/a through <= 1.1.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery.This issue affects Notification for Telegram: from n/a through <= 3.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List authors-list allows Cross Site Request Forgery.This issue affects Authors List: from n/a through <= 2.0.6.2.
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to…
- risk 0.28cvss 4.3epss 0.00
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.00
The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert cf7-sweet-alert-popup allows Cross Site Request Forgery.This issue affects Popup for CF7 with Sweet Alert: from n/a through <= 1.6.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery.This issue affects 多说社会化评论框: from n/a through <= 1.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor wp-table-editor allows Cross Site Request Forgery.This issue affects Table Editor: from n/a through <= 1.6.4.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction simple-page-access-restriction allows Cross Site Request Forgery.This issue affects Simple Page Access Restriction: from n/a through <= 1.0.32.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through <= 1.5.0.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter post-type-converter allows Cross Site Request Forgery.This issue affects Post Type Converter: from n/a through <= 0.6.