VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 181 of 286
  • CVE-2025-27336MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables just-wp-variables allows Cross Site Request Forgery.This issue affects Just Variables: from n/a through <= 1.2.3.

  • CVE-2025-27335MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO Roma Auto Tag Links auto-tag-links allows Cross Site Request Forgery.This issue affects Auto Tag Links: from n/a through <= 1.0.13.

  • CVE-2025-27328MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in queeez WP-PostRatings Cheater wp-postratings-cheater allows Cross Site Request Forgery.This issue affects WP-PostRatings Cheater: from n/a through <= 1.5.

  • CVE-2025-27318MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap simple-google-sitemap allows Cross Site Request Forgery.This issue affects Simple Google Sitemap: from n/a through <= 1.6.

  • CVE-2025-27317MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid rays-grid allows Cross Site Request Forgery.This issue affects RAYS Grid: from n/a through <= 1.3.1.

  • CVE-2025-27316MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization wp-image-compression allows Cross Site Request Forgery.This issue affects JPG, PNG Compression and Optimization: from n/a through <= 1.7.35.

  • CVE-2025-27315MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cufon all-in-one-cufon allows Cross Site Request Forgery.This issue affects All-In-One Cufon: from n/a through <= 1.3.0.

  • CVE-2025-27311MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Content Creator bulk-content-creator allows Cross Site Request Forgery.This issue affects Bulk Content Creator: from n/a through <= 1.2.1.

  • CVE-2025-27290MedFeb 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate erima-zarinpal-donate allows Cross Site Request Forgery.This issue affects Erima Zarinpal Donate: from n/a through <= 1.0.

  • CVE-2024-13405MedFeb 19, 2025
    risk 0.28cvss 4.3epss 0.00

    The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes it possible for unauthenticated attackers to block…

  • CVE-2025-0796MedFeb 18, 2025
    risk 0.28cvss 4.3epss 0.00

    The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.11. This is due to missing or incorrect nonce validation on the 'wprequal_reset_defaults' action. This makes it possible for…

  • CVE-2025-1358MedFeb 16, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.…

  • CVE-2024-9661MedFeb 7, 2025
    risk 0.28cvss 4.3epss 0.00

    The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported…

  • CVE-2025-25146MedFeb 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals songkick-concerts-and-festivals allows Cross Site Request Forgery.This issue affects Songkick Concerts and Festivals: from n/a through <= 0.9.7.

  • CVE-2025-25143MedFeb 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran globalquran allows Cross Site Request Forgery.This issue affects GlobalQuran: from n/a through <= 1.0.

  • CVE-2025-25103MedFeb 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API indeed-api allows Cross Site Request Forgery.This issue affects Indeed API: from n/a through <= 0.5.

  • CVE-2025-24982MedFeb 4, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted.

  • CVE-2025-24742MedJan 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPGMaps WP Go Maps wp-google-maps.This issue affects WP Go Maps: from n/a through <= 9.0.40.

  • CVE-2025-24540MedJan 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through…

  • CVE-2025-24739MedJan 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSMTP fluent-smtp allows Cross Site Request Forgery.This issue affects FluentSMTP: from n/a through <= 2.2.80.