VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 165 of 286
  • CVE-2025-7842MedAug 23, 2025
    risk 0.28cvss 4.3epss 0.00

    The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'sil_rss_edit_page' page. This makes it possible for unauthenticated attackers to…

  • CVE-2025-7841MedAug 23, 2025
    risk 0.28cvss 4.3epss 0.00

    The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifier_settings' page. This makes it…

  • CVE-2025-7839MedAug 23, 2025
    risk 0.28cvss 4.3epss 0.00

    The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rp_dpo_dpa_ajax_dp_delete_data() function. This makes it…

  • CVE-2025-57895MedAug 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.4.3.

  • CVE-2025-57893MedAug 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Cross Site Request Forgery.This issue affects WP Fast Total Search: from n/a through <= 1.79.270.

  • CVE-2025-57892MedAug 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr Simple Statistics for Feeds simple-feed-stats allows Cross Site Request Forgery.This issue affects Simple Statistics for Feeds: from n/a through <= 20250322.

  • CVE-2025-57885MedAug 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Cross Site Request Forgery.This issue affects Fluent Support: from n/a through <= 1.9.1.

  • CVE-2025-55744MedAug 21, 2025
    risk 0.28cvss 4.3epss 0.00

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.

  • CVE-2025-8102MedAug 20, 2025
    risk 0.28cvss 5.4epss 0.00

    The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for…

  • CVE-2025-49391MedAug 20, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Cross Site Request Forgery.This issue affects Sign-up Sheets: from n/a through <= 2.3.3.

  • CVE-2025-8992MedAug 15, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

  • CVE-2025-54732MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Cross Site Request Forgery.This issue affects WPDM – Premium Packages: from n/a through <= 6.0.2.

  • CVE-2025-54728MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Cross Site Request Forgery.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.2.

  • CVE-2025-53347MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3.

  • CVE-2025-52769MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery flexo-social-gallery allows Cross Site Request Forgery.This issue affects flexo-social-gallery: from n/a through <= 1.0006.

  • CVE-2025-52767MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3.

  • CVE-2025-54703MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery.This issue affects Integrate Google Drive: from n/a through <= 1.5.2.

  • CVE-2025-54702MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store ebook-store allows Cross Site Request Forgery.This issue affects Ebook Store: from n/a through <= 5.8013.

  • CVE-2025-54694MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through <= 1.2.0.

  • CVE-2025-54675MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through <= 1.48.0.