CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 169 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6062 | Med | 0.28 | 4.3 | 0.00 | Jun 14, 2025 | The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible for unauthenticated… | ||
| CVE-2025-4592 | Med | 0.28 | 4.3 | 0.00 | Jun 14, 2025 | The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated… | ||
| CVE-2025-5928 | Med | 0.28 | 4.3 | 0.00 | Jun 13, 2025 | The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the wp_sliding_panel_user_options() function. This makes it possible for… | ||
| CVE-2025-49510 | Med | 0.28 | 4.3 | 0.00 | Jun 10, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through <= 5.1.0. | ||
| CVE-2025-5925 | Med | 0.28 | 4.3 | 0.00 | Jun 10, 2025 | The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers… | ||
| CVE-2025-5900 | Med | 0.28 | 4.3 | 0.00 | Jun 9, 2025 | A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be… | ||
| CVE-2025-5888 | Med | 0.28 | 4.3 | 0.01 | Jun 9, 2025 | A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to… | ||
| CVE-2025-5885 | Med | 0.28 | 4.3 | 0.00 | Jun 9, 2025 | A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public… | ||
| CVE-2025-5766 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public… | ||
| CVE-2025-49449 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa interactive-map-of-africa allows Cross Site Request Forgery.This issue affects Interactive Regional Map of Africa: from n/a through <= 1.0. | ||
| CVE-2025-49446 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes admin-note allows Cross Site Request Forgery.This issue affects Admin Notes: from n/a through <= 1.1. | ||
| CVE-2025-49445 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map interactive-uk-regional-map allows Cross Site Request Forgery.This issue affects Interactive UK Regional Map: from n/a through <= 2.0. | ||
| CVE-2025-49440 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master wp-security-master allows Cross Site Request Forgery.This issue affects WP Security Master: from n/a through <= 1.0.2. | ||
| CVE-2025-49439 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV atelier-create-cv allows Cross Site Request Forgery.This issue affects Atelier Create CV: from n/a through <= 1.1.5. | ||
| CVE-2025-49435 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass wordpress-easy-allopass allows Cross Site Request Forgery.This issue affects Wp Easy Allopass: from n/a through <= 4.1.1. | ||
| CVE-2025-49332 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Cross Site Request Forgery.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.30. | ||
| CVE-2025-49317 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading wp-page-loading allows Cross Site Request Forgery.This issue affects WP Page Loading: from n/a through <= 1.0.6. | ||
| CVE-2025-49291 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58. | ||
| CVE-2025-49286 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Cross Site Request Forgery.This issue affects WP Table Builder: from n/a through <= 2.0.6. | ||
| CVE-2025-49285 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Cross Site Request Forgery.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 3.8.0. |
- risk 0.28cvss 4.3epss 0.00
The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
The AI Image Lab – Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the wp_sliding_panel_user_options() function. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through <= 5.1.0.
- risk 0.28cvss 4.3epss 0.00
The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers…
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be…
- risk 0.28cvss 4.3epss 0.01
A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa interactive-map-of-africa allows Cross Site Request Forgery.This issue affects Interactive Regional Map of Africa: from n/a through <= 1.0.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes admin-note allows Cross Site Request Forgery.This issue affects Admin Notes: from n/a through <= 1.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map interactive-uk-regional-map allows Cross Site Request Forgery.This issue affects Interactive UK Regional Map: from n/a through <= 2.0.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master wp-security-master allows Cross Site Request Forgery.This issue affects WP Security Master: from n/a through <= 1.0.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV atelier-create-cv allows Cross Site Request Forgery.This issue affects Atelier Create CV: from n/a through <= 1.1.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass wordpress-easy-allopass allows Cross Site Request Forgery.This issue affects Wp Easy Allopass: from n/a through <= 4.1.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Cross Site Request Forgery.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.30.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading wp-page-loading allows Cross Site Request Forgery.This issue affects WP Page Loading: from n/a through <= 1.0.6.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Cross Site Request Forgery.This issue affects WP Table Builder: from n/a through <= 2.0.6.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Cross Site Request Forgery.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 3.8.0.