VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 172 of 286
  • CVE-2025-47681MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Accessibility with Max Access accessibility-toolbar allows Cross Site Request Forgery.This issue affects Web Accessibility with Max Access: from n/a through <= 2.0.9.

  • CVE-2025-47674MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial credova-financial allows Cross Site Request Forgery.This issue affects Credova_Financial: from n/a through <= 2.5.0.

  • CVE-2025-47647MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light sidebar-manager-light allows Cross Site Request Forgery.This issue affects Sidebar Manager Light: from n/a through <= 1.18.

  • CVE-2025-47633MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin – Advertiser Tracking for WooCommerce awin-advertiser-tracking allows Cross Site Request Forgery.This issue affects Awin – Advertiser Tracking for WooCommerce: from n/a through <= 2.0.0.

  • CVE-2025-47624MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1.

  • CVE-2025-47614MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics lessbuttons allows Cross Site Request Forgery.This issue affects LessButtons Social Sharing and Statistics: from n/a through <= 1.6.1.

  • CVE-2025-47609MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Connect easyme-connect allows Cross Site Request Forgery.This issue affects EasyMe Connect: from n/a through <= 3.0.3.

  • CVE-2025-47606MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways giveasap allows Cross Site Request Forgery.This issue affects Simple Giveaways: from n/a through <= 2.49.0.

  • CVE-2025-47597MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podcasts Manager wp-podcasts-manager allows Cross Site Request Forgery.This issue affects WP Podcasts Manager: from n/a through <= 1.3.

  • CVE-2025-47596MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture beacon-by allows Cross Site Request Forgery.This issue affects Beacon Lead Magnets and Lead Capture: from n/a through <= 1.5.8.

  • CVE-2025-47594MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Soccer Live Scores allows Cross Site Request Forgery. This issue affects Soccer Live Scores: from n/a through 1.0.5.

  • CVE-2025-47590MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in JExtensions Store WPSpeed wpspeed allows Cross Site Request Forgery.This issue affects WPSpeed: from n/a through <= 2.6.5.

  • CVE-2025-47551MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed wiki-embed allows Cross Site Request Forgery.This issue affects Wiki Embed: from n/a through <= 1.4.6.

  • CVE-2025-47543MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through <= 1.0.7.

  • CVE-2025-47542MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through <= 1.6.5.

  • CVE-2025-47523MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster seznam-webmaster allows Cross Site Request Forgery.This issue affects Seznam Webmaster: from n/a through <= 1.4.7.

  • CVE-2025-47519MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal Events easy-paypal-events-tickets allows Cross Site Request Forgery.This issue affects Easy PayPal Events: from n/a through <= 1.2.2.

  • CVE-2025-47470MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer gpt3-ai-content-generator allows Cross Site Request Forgery.This issue affects GPT3 AI Content Writer: from n/a through <= 1.9.14.

  • CVE-2025-47468MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through <= 1.2.8.

  • CVE-2025-47459MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Roxnor FundEngine wp-fundraising-donation allows Cross Site Request Forgery.This issue affects FundEngine: from n/a through <= 1.7.3.