VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 178 of 286
  • CVE-2025-30805MedMar 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible Cookies flexible-cookies allows Cross Site Request Forgery.This issue affects Flexible Cookies: from n/a through <= 1.1.8.

  • CVE-2025-30804MedMar 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in maennchen1.de wpShopGermany IT-RECHT KANZLEI wpshopgermany-it-recht-kanzlei allows Cross Site Request Forgery.This issue affects wpShopGermany IT-RECHT KANZLEI: from n/a through <= 2.0.

  • CVE-2025-30801MedMar 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Abu Bakar TWB Woocommerce Reviews twb-woocommerce-reviews allows Cross Site Request Forgery.This issue affects TWB Woocommerce Reviews: from n/a through <= 1.7.7.

  • CVE-2025-30764MedMar 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through <= 2.12.2.

  • CVE-2024-13710MedMar 25, 2025
    risk 0.28cvss 4.3epss 0.00

    The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated…

  • CVE-2025-1320MedMar 25, 2025
    risk 0.28cvss 4.3epss 0.00

    The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a…

  • CVE-2025-30617MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite rewrite allows Cross Site Request Forgery.This issue affects Rewrite: from n/a through <= 0.2.1.

  • CVE-2025-30601MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System flipdish-ordering-system allows Cross Site Request Forgery.This issue affects Flipdish Ordering System: from n/a through <= 1.5.2.

  • CVE-2025-30598MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Link OSS Upload oss-upload allows Cross Site Request Forgery.This issue affects OSS Upload: from n/a through <= 4.8.9.

  • CVE-2025-30585MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in marynixie Generate Post Thumbnails generate-post-thumbnails allows Cross Site Request Forgery.This issue affects Generate Post Thumbnails: from n/a through <= 0.8.

  • CVE-2025-30576MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Image Autosave hacklog-remote-image-autosave allows Cross Site Request Forgery.This issue affects Hacklog Remote Image Autosave: from n/a through <= 2.1.0.

  • CVE-2025-30568MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through <= 3.3.5.

  • CVE-2025-30557MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in odihost Easy 301 Redirects odihost-easy-redirect-301 allows Cross Site Request Forgery.This issue affects Easy 301 Redirects: from n/a through <= 1.33.

  • CVE-2025-30556MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in flyaga Fix Rss Feeds fix-rss-feed allows Cross Site Request Forgery.This issue affects Fix Rss Feeds: from n/a through <= 3.1.

  • CVE-2025-30549MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Yummly Yummly Rich Recipes yummly-rich-recipes allows Cross Site Request Forgery.This issue affects Yummly Rich Recipes: from n/a through <= 4.2.

  • CVE-2025-30546MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in boroV Cackle cackle allows Cross Site Request Forgery.This issue affects Cackle: from n/a through <= 4.33.

  • CVE-2025-30542MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wpsolutions SoundCloud Ultimate soundcloud-ultimate allows Cross Site Request Forgery.This issue affects SoundCloud Ultimate: from n/a through <= 1.5.

  • CVE-2025-30541MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Info Boxes Shortcode and Widget info-boxes-shortcode-and-widget allows Cross Site Request Forgery.This issue affects Info Boxes Shortcode and Widget: from n/a through <= 1.15.

  • CVE-2025-30538MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Simple Optimizer simple-optimizer allows Cross Site Request Forgery.This issue affects Simple Optimizer: from n/a through <= 1.2.7.

  • CVE-2025-30535MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in muro External image replace external-image-replace allows Cross Site Request Forgery.This issue affects External image replace: from n/a through <= 1.0.8.