CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 166 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54673 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.5.3. | ||
| CVE-2025-54672 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through <= 6.4.3. | ||
| CVE-2025-54671 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik oik allows Cross Site Request Forgery.This issue affects oik: from n/a through <= 4.15.2. | ||
| CVE-2025-7965 | Med | 0.28 | 4.3 | 0.00 | Aug 11, 2025 | The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||
| CVE-2025-8814 | Med | 0.28 | 4.3 | 0.00 | Aug 10, 2025 | A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely.… | ||
| CVE-2025-8739 | Med | 0.28 | 4.3 | 0.00 | Aug 8, 2025 | A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely.… | ||
| CVE-2025-8505 | — | Med | 0.28 | 4.3 | 0.00 | Aug 3, 2025 | A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has… | |
| CVE-2025-8335 | Med | 0.28 | 4.3 | 0.00 | Jul 30, 2025 | A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the… | ||
| CVE-2025-8223 | Med | 0.28 | 4.3 | 0.00 | Jul 27, 2025 | A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTypeCustController.java. The manipulation leads to cross-site request… | ||
| CVE-2025-7835 | Med | 0.28 | 4.3 | 0.00 | Jul 24, 2025 | The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughts_ace_update_options' AJAX action. This makes it possible for… | ||
| CVE-2025-7834 | Med | 0.28 | 4.3 | 0.00 | Jul 19, 2025 | A vulnerability, which was classified as problematic, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to… | ||
| CVE-2025-6781 | Med | 0.28 | 4.3 | 0.00 | Jul 18, 2025 | The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the 'copymatic-menu' page. This makes it possible for… | ||
| CVE-2025-7756 | Med | 0.28 | 4.3 | 0.00 | Jul 17, 2025 | A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and… | ||
| CVE-2025-54042 | Med | 0.28 | 4.3 | 0.00 | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Xfinitysoft WP Post Hide wp-post-hide allows Cross Site Request Forgery.This issue affects WP Post Hide: from n/a through <= 1.0.9. | ||
| CVE-2025-54041 | Med | 0.28 | 4.3 | 0.00 | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Cross Site Request Forgery.This issue affects Wallet System for WooCommerce: from n/a through <= 2.6.7. | ||
| CVE-2025-54039 | Med | 0.28 | 4.3 | 0.00 | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through <= 3.0.16. | ||
| CVE-2025-54036 | Med | 0.28 | 4.3 | 0.00 | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Cross Site Request Forgery.This issue affects Webba Booking: from n/a through <= 5.1.20. | ||
| CVE-2025-54035 | Med | 0.28 | 4.3 | 0.00 | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through <= 4.10. | ||
| CVE-2025-54030 | Med | 0.28 | 4.3 | 0.00 | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20. | ||
| CVE-2025-7133 | Med | 0.28 | 4.3 | 0.00 | Jul 7, 2025 | A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the… |
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.5.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through <= 6.4.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik oik allows Cross Site Request Forgery.This issue affects oik: from n/a through <= 4.15.2.
- risk 0.28cvss 4.3epss 0.00
The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely.…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely.…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has…
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the…
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTypeCustController.java. The manipulation leads to cross-site request…
- risk 0.28cvss 4.3epss 0.00
The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughts_ace_update_options' AJAX action. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to…
- risk 0.28cvss 4.3epss 0.00
The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the 'copymatic-menu' page. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Xfinitysoft WP Post Hide wp-post-hide allows Cross Site Request Forgery.This issue affects WP Post Hide: from n/a through <= 1.0.9.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Cross Site Request Forgery.This issue affects Wallet System for WooCommerce: from n/a through <= 2.6.7.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through <= 3.0.16.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Cross Site Request Forgery.This issue affects Webba Booking: from n/a through <= 5.1.20.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through <= 4.10.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20.
- risk 0.28cvss 4.3epss 0.00
A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the…