VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 176 of 286
  • CVE-2025-31840MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in digireturn Simple Fixed Notice dn-cookie-notice allows Cross Site Request Forgery.This issue affects Simple Fixed Notice: from n/a through <= 1.6.

  • CVE-2025-31839MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts dn-footer-contacts allows Cross Site Request Forgery.This issue affects DN Footer Contacts: from n/a through <= 1.8.1.

  • CVE-2025-31828MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in alextselegidis Easy!Appointments easyappointments allows Cross Site Request Forgery.This issue affects Easy!Appointments: from n/a through <= 1.4.2.

  • CVE-2025-31814MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in OwnerRez OwnerRez API ownerrez allows Cross Site Request Forgery.This issue affects OwnerRez API: from n/a through <= 1.2.0.

  • CVE-2025-31809MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Labinator Labinator Content Types Duplicator labinator-content-types-duplicator allows Cross Site Request Forgery.This issue affects Labinator Content Types Duplicator: from n/a through <= 1.1.3.

  • CVE-2025-31808MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in IT Path Solutions SCSS WP Editor scss-wp-editor allows Cross Site Request Forgery.This issue affects SCSS WP Editor: from n/a through <= 1.2.1.

  • CVE-2025-31807MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CloudRedux Product Notices for WooCommerce product-notices-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Notices for WooCommerce: from n/a through <= 1.3.4.

  • CVE-2025-31784MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Rudy Susanto Embed Extended embed-extended allows Cross Site Request Forgery.This issue affects Embed Extended: from n/a through <= 1.4.0.

  • CVE-2025-31776MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows Cross Site Request Forgery.This issue affects Uptime Robot Plugin for WordPress: from n/a through <= 2.3.

  • CVE-2025-31775MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Smackcoders Inc., Google SEO Pressor Snippet google-seo-author-snippets allows Cross Site Request Forgery.This issue affects Google SEO Pressor Snippet: from n/a through <= 2.0.

  • CVE-2025-31769MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in NiteoThemes CLP – Custom Login Page by NiteoThemes clp-custom-login-page allows Cross Site Request Forgery.This issue affects CLP – Custom Login Page by NiteoThemes: from n/a through <= 1.5.5.

  • CVE-2025-31763MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Cross Site Request Forgery.This issue affects Cache control by Cacholong: from n/a through <= 5.4.1.

  • CVE-2025-31756MedApr 1, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in tuyennv TZ PlusGallery tz-plus-gallery allows Cross Site Request Forgery.This issue affects TZ PlusGallery: from n/a through <= 1.5.5.

  • CVE-2025-3037MedMar 31, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The…

  • CVE-2025-31602MedMar 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.1.

  • CVE-2025-31600MedMar 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO designo allows Cross Site Request Forgery.This issue affects DesignO: from n/a through <= 2.6.0.

  • CVE-2025-31572MedMar 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in v20202020 Multi Days Events and Multi Events in One Day Calendar dragon-calendar-free-version allows Cross Site Request Forgery.This issue affects Multi Days Events and Multi Events in One Day Calendar: from n/a through <= 1.1.3.

  • CVE-2025-31410MedMar 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Church Donation wp-church-donation allows Cross Site Request Forgery.This issue affects WP Church Donation: from n/a through <= 1.7.

  • CVE-2025-31010MedMar 28, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Cross Site Request Forgery.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.0.5.

  • CVE-2025-31474MedMar 28, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in matthewprice1178 WP Database Optimizer wp-database-optimizer allows Cross Site Request Forgery.This issue affects WP Database Optimizer: from n/a through <= 1.2.1.3.