CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 174 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-39472 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through < 2.8.3. | ||
| CVE-2025-39600 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks wp-woocommerce-quickbooks allows Cross Site Request Forgery.This issue affects Integration for WooCommerce and QuickBooks: from n/a through <= 1.3.1. | ||
| CVE-2025-39593 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting wp-ever-accounting allows Cross Site Request Forgery.This issue affects Ever Accounting: from n/a through <= 2.1.5. | ||
| CVE-2025-39546 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Cross Site Request Forgery.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.6.2. | ||
| CVE-2025-39517 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map allows Cross Site Request Forgery.This issue affects Basic Interactive World Map: from n/a through <= 2.7. | ||
| CVE-2025-39512 | Med | 0.28 | 4.3 | 0.00 | Apr 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor bulk-term-editor allows Cross Site Request Forgery.This issue affects Bulk Term Editor: from n/a through <= 1.1.4. | ||
| CVE-2025-26903 | Med | 0.28 | 4.3 | 0.00 | Apr 15, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3. | ||
| CVE-2025-24358 | Med | 0.28 | — | 0.00 | Apr 15, 2025 | gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests… | ||
| CVE-2025-30965 | Med | 0.28 | 4.3 | 0.00 | Apr 15, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a. | ||
| CVE-2025-32282 | Med | 0.28 | 4.3 | 0.00 | Apr 10, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through <= 3.2.3. | ||
| CVE-2025-26902 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1. | ||
| CVE-2025-32678 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats wp-show-stats allows Cross Site Request Forgery.This issue affects WP Show Stats: from n/a through <= 1.5. | ||
| CVE-2025-32494 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack recaptcha-jetpack allows Cross Site Request Forgery.This issue affects reCAPTCHA Jetpack: from n/a through <= 0.2.2. | ||
| CVE-2025-32485 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Cross Site Request Forgery.This issue affects WP Performance Pack: from n/a through <= 2.5.4. | ||
| CVE-2025-31034 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page customize-login-page allows Cross Site Request Forgery.This issue affects Customize Login Page: from n/a through <= 1.1. | ||
| CVE-2025-31005 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts easyfonts allows Cross Site Request Forgery.This issue affects Easyfonts: from n/a through <= 1.1.2. | ||
| CVE-2025-25056 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2025 | Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed. | ||
| CVE-2025-32280 | Med | 0.28 | 4.3 | 0.00 | Apr 4, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25. | ||
| CVE-2025-32278 | Med | 0.28 | 4.3 | 0.00 | Apr 4, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual riovizual allows Cross Site Request Forgery.This issue affects Table Block by RioVizual: from n/a through <= 2.3.1. | ||
| CVE-2025-32276 | Med | 0.28 | 4.3 | 0.00 | Apr 4, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery.This issue affects Administrator Z: from n/a through <= 2026.03.02. |
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wpweb WooCommerce Social Login woo-social-login allows Cross Site Request Forgery.This issue affects WooCommerce Social Login: from n/a through < 2.8.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks wp-woocommerce-quickbooks allows Cross Site Request Forgery.This issue affects Integration for WooCommerce and QuickBooks: from n/a through <= 1.3.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting wp-ever-accounting allows Cross Site Request Forgery.This issue affects Ever Accounting: from n/a through <= 2.1.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Cross Site Request Forgery.This issue affects ElementsReady Addons for Elementor: from n/a through <= 6.6.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map allows Cross Site Request Forgery.This issue affects Basic Interactive World Map: from n/a through <= 2.7.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor bulk-term-editor allows Cross Site Request Forgery.This issue affects Bulk Term Editor: from n/a through <= 1.1.4.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3.
- risk 0.28cvss —epss 0.00
gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through <= 3.2.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats wp-show-stats allows Cross Site Request Forgery.This issue affects WP Show Stats: from n/a through <= 1.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack recaptcha-jetpack allows Cross Site Request Forgery.This issue affects reCAPTCHA Jetpack: from n/a through <= 0.2.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Cross Site Request Forgery.This issue affects WP Performance Pack: from n/a through <= 2.5.4.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page customize-login-page allows Cross Site Request Forgery.This issue affects Customize Login Page: from n/a through <= 1.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Uzair Easyfonts easyfonts allows Cross Site Request Forgery.This issue affects Easyfonts: from n/a through <= 1.1.2.
- risk 0.28cvss 4.3epss 0.00
Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in weDevs WP Project Manager wedevs-project-manager allows Cross Site Request Forgery.This issue affects WP Project Manager: from n/a through < 2.6.25.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wprio Table Block by RioVizual riovizual allows Cross Site Request Forgery.This issue affects Table Block by RioVizual: from n/a through <= 2.3.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Quý Lê 91 Administrator Z administrator-z allows Cross Site Request Forgery.This issue affects Administrator Z: from n/a through <= 2026.03.02.