VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 174 of 286
  • CVE-2025-39472MedApr 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through < 2.8.3.

  • CVE-2025-39600MedApr 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks wp-woocommerce-quickbooks allows Cross Site Request Forgery.This issue affects Integration for WooCommerce and QuickBooks: from n/a through <= 1.3.1.

  • CVE-2025-39593MedApr 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting wp-ever-accounting allows Cross Site Request Forgery.This issue affects Ever Accounting: from n/a through <= 2.1.5.

  • CVE-2025-39546MedApr 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Cross Site Request Forgery.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.6.2.

  • CVE-2025-39517MedApr 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map allows Cross Site Request Forgery.This issue affects Basic Interactive World Map: from n/a through <= 2.7.

  • CVE-2025-39512MedApr 16, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor bulk-term-editor allows Cross Site Request Forgery.This issue affects Bulk Term Editor: from n/a through <= 1.1.4.

  • CVE-2025-26903MedApr 15, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3.

  • CVE-2025-24358MedApr 15, 2025
    risk 0.28cvss epss 0.00

    gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests…

  • CVE-2025-30965MedApr 15, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a.

  • CVE-2025-32282MedApr 10, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through <= 3.2.3.

  • CVE-2025-26902MedApr 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1.

  • CVE-2025-32678MedApr 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats wp-show-stats allows Cross Site Request Forgery.This issue affects WP Show Stats: from n/a through <= 1.5.

  • CVE-2025-32494MedApr 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack recaptcha-jetpack allows Cross Site Request Forgery.This issue affects reCAPTCHA Jetpack: from n/a through <= 0.2.2.

  • CVE-2025-32485MedApr 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Cross Site Request Forgery.This issue affects WP Performance Pack: from n/a through <= 2.5.4.

  • CVE-2025-31034MedApr 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page customize-login-page allows Cross Site Request Forgery.This issue affects Customize Login Page: from n/a through <= 1.1.

  • CVE-2025-31005MedApr 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts easyfonts allows Cross Site Request Forgery.This issue affects Easyfonts: from n/a through <= 1.1.2.

  • CVE-2025-25056MedApr 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.

  • CVE-2025-32280MedApr 4, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25.

  • CVE-2025-32278MedApr 4, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual riovizual allows Cross Site Request Forgery.This issue affects Table Block by RioVizual: from n/a through <= 2.3.1.

  • CVE-2025-32276MedApr 4, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery.This issue affects Administrator Z: from n/a through <= 2026.03.02.