CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 165 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7842 | Med | 0.28 | 4.3 | 0.00 | Aug 23, 2025 | The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'sil_rss_edit_page' page. This makes it possible for unauthenticated attackers to… | ||
| CVE-2025-7841 | Med | 0.28 | 4.3 | 0.00 | Aug 23, 2025 | The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifier_settings' page. This makes it… | ||
| CVE-2025-7839 | Med | 0.28 | 4.3 | 0.00 | Aug 23, 2025 | The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rp_dpo_dpa_ajax_dp_delete_data() function. This makes it… | ||
| CVE-2025-57895 | Med | 0.28 | 4.3 | 0.00 | Aug 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.4.3. | ||
| CVE-2025-57893 | Med | 0.28 | 4.3 | 0.00 | Aug 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Cross Site Request Forgery.This issue affects WP Fast Total Search: from n/a through <= 1.79.270. | ||
| CVE-2025-57892 | Med | 0.28 | 4.3 | 0.00 | Aug 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr Simple Statistics for Feeds simple-feed-stats allows Cross Site Request Forgery.This issue affects Simple Statistics for Feeds: from n/a through <= 20250322. | ||
| CVE-2025-57885 | Med | 0.28 | 4.3 | 0.00 | Aug 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Cross Site Request Forgery.This issue affects Fluent Support: from n/a through <= 1.9.1. | ||
| CVE-2025-55744 | Med | 0.28 | 4.3 | 0.00 | Aug 21, 2025 | UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1. | ||
| CVE-2025-8102 | Med | 0.28 | 5.4 | 0.00 | Aug 20, 2025 | The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for… | ||
| CVE-2025-49391 | Med | 0.28 | 4.3 | 0.00 | Aug 20, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Cross Site Request Forgery.This issue affects Sign-up Sheets: from n/a through <= 2.3.3. | ||
| CVE-2025-8992 | Med | 0.28 | 4.3 | 0.00 | Aug 15, 2025 | A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||
| CVE-2025-54732 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Cross Site Request Forgery.This issue affects WPDM – Premium Packages: from n/a through <= 6.0.2. | ||
| CVE-2025-54728 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Cross Site Request Forgery.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.2. | ||
| CVE-2025-53347 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3. | ||
| CVE-2025-52769 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery flexo-social-gallery allows Cross Site Request Forgery.This issue affects flexo-social-gallery: from n/a through <= 1.0006. | ||
| CVE-2025-52767 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3. | ||
| CVE-2025-54703 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery.This issue affects Integrate Google Drive: from n/a through <= 1.5.2. | ||
| CVE-2025-54702 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store ebook-store allows Cross Site Request Forgery.This issue affects Ebook Store: from n/a through <= 5.8013. | ||
| CVE-2025-54694 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through <= 1.2.0. | ||
| CVE-2025-54675 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through <= 1.48.0. |
- risk 0.28cvss 4.3epss 0.00
The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'sil_rss_edit_page' page. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.00
The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifier_settings' page. This makes it…
- risk 0.28cvss 4.3epss 0.00
The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rp_dpo_dpa_ajax_dp_delete_data() function. This makes it…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery.This issue affects JobWP: from n/a through <= 2.4.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Cross Site Request Forgery.This issue affects WP Fast Total Search: from n/a through <= 1.79.270.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr Simple Statistics for Feeds simple-feed-stats allows Cross Site Request Forgery.This issue affects Simple Statistics for Feeds: from n/a through <= 20250322.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Cross Site Request Forgery.This issue affects Fluent Support: from n/a through <= 1.9.1.
- risk 0.28cvss 4.3epss 0.00
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.
- risk 0.28cvss 5.4epss 0.00
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Cross Site Request Forgery.This issue affects Sign-up Sheets: from n/a through <= 2.3.3.
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Cross Site Request Forgery.This issue affects WPDM – Premium Packages: from n/a through <= 6.0.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Cross Site Request Forgery.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery.This issue affects Kalium: from n/a through <= 3.18.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery flexo-social-gallery allows Cross Site Request Forgery.This issue affects flexo-social-gallery: from n/a through <= 1.0006.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery.This issue affects Integrate Google Drive: from n/a through <= 1.5.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store ebook-store allows Cross Site Request Forgery.This issue affects Ebook Store: from n/a through <= 5.8013.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through <= 1.2.0.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through <= 1.48.0.