VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 180 of 286
  • CVE-2025-28876MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official official-skrill-woocommerce allows Cross Site Request Forgery.This issue affects Skrill Official: from n/a through <= 1.0.66.

  • CVE-2025-28868MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe ziplist-recipe-plugin allows Cross Site Request Forgery.This issue affects ZipList Recipe: from n/a through <= 3.1.

  • CVE-2025-28867MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter frontpage-category-filter allows Cross Site Request Forgery.This issue affects Frontpage category filter: from n/a through <= 1.0.2.

  • CVE-2025-28866MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger login-logger allows Cross Site Request Forgery.This issue affects Login Logger: from n/a through <= 1.2.1.

  • CVE-2025-28864MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in planetstudio Builder for Contact Form 7 by Webconstruct cf7-builder allows Cross Site Request Forgery.This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through <= 1.2.2.

  • CVE-2025-28863MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image delete-original-image allows Cross Site Request Forgery.This issue affects Delete Original Image: from n/a through <= 0.4.

  • CVE-2025-28862MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery.This issue affects Comment Date and Gravatar remover: from n/a through <= 1.0.

  • CVE-2025-28859MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice maintenance-notice allows Cross Site Request Forgery.This issue affects Maintenance Notice: from n/a through <= 1.0.6.

  • CVE-2025-28856MedMar 11, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats blog-stats-by-w3counter allows Cross Site Request Forgery.This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1.

  • CVE-2025-0748MedMar 7, 2025
    risk 0.28cvss 4.3epss 0.00

    The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homey_verify_user_manually' function. This makes it possible for unauthenticated attackers to update…

  • CVE-2025-27624MedMar 5, 2025
    risk 0.28cvss 5.4epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).

  • CVE-2025-0990MedMar 5, 2025
    risk 0.28cvss 4.3epss 0.00

    The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23_gloria_settings_page function. This makes it possible for unauthenticated…

  • CVE-2025-27579MedMar 3, 2025
    risk 0.28cvss 5.4epss 0.00

    In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.

  • CVE-2025-26925MedFeb 26, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.

  • CVE-2025-26926MedFeb 25, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in fs-code Booknetic booknetic.This issue affects Booknetic: from n/a through <= 4.0.9.

  • CVE-2025-27357MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazı Link onceki-yazi-linki allows Cross Site Request Forgery.This issue affects Önceki Yazı Link: from n/a through <= 1.3.

  • CVE-2025-27353MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through <= 2.6.5.

  • CVE-2025-27344MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview linkpreview allows Cross Site Request Forgery.This issue affects Phee's LinkPreview: from n/a through <= 1.6.7.

  • CVE-2025-27342MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce Recargo de Equivalencia woo-recargo-de-equivalencia allows Cross Site Request Forgery.This issue affects WooCommerce Recargo de Equivalencia: from n/a through <= 1.6.24.

  • CVE-2025-27339MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery.This issue affects Minimum Password Strength: from n/a through <= 1.2.0.