VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 166 of 286
  • CVE-2025-54673MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.5.3.

  • CVE-2025-54672MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through <= 6.4.3.

  • CVE-2025-54671MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik oik allows Cross Site Request Forgery.This issue affects oik: from n/a through <= 4.15.2.

  • CVE-2025-7965MedAug 11, 2025
    risk 0.28cvss 4.3epss 0.00

    The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

  • CVE-2025-8814MedAug 10, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely.…

  • CVE-2025-8739MedAug 8, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely.…

  • CVE-2025-8505MedAug 3, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has…

  • CVE-2025-8335MedJul 30, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the…

  • CVE-2025-8223MedJul 27, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTypeCustController.java. The manipulation leads to cross-site request…

  • CVE-2025-7835MedJul 24, 2025
    risk 0.28cvss 4.3epss 0.00

    The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughts_ace_update_options' AJAX action. This makes it possible for…

  • CVE-2025-7834MedJul 19, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to…

  • CVE-2025-6781MedJul 18, 2025
    risk 0.28cvss 4.3epss 0.00

    The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the 'copymatic-menu' page. This makes it possible for…

  • CVE-2025-7756MedJul 17, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and…

  • CVE-2025-54042MedJul 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Xfinitysoft WP Post Hide wp-post-hide allows Cross Site Request Forgery.This issue affects WP Post Hide: from n/a through <= 1.0.9.

  • CVE-2025-54041MedJul 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Cross Site Request Forgery.This issue affects Wallet System for WooCommerce: from n/a through <= 2.6.7.

  • CVE-2025-54039MedJul 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery.This issue affects Animator: from n/a through <= 3.0.16.

  • CVE-2025-54036MedJul 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Cross Site Request Forgery.This issue affects Webba Booking: from n/a through <= 5.1.20.

  • CVE-2025-54035MedJul 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through <= 4.10.

  • CVE-2025-54030MedJul 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WesternDeal WooCommerce Google Sheet Connector wc-gsheetconnector allows Cross Site Request Forgery.This issue affects WooCommerce Google Sheet Connector: from n/a through <= 1.3.20.

  • CVE-2025-7133MedJul 7, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the…