VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 186 of 286
  • CVE-2024-54321MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2.

  • CVE-2024-54307MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in aipost AIcomments aicomments allows Cross Site Request Forgery.This issue affects AIcomments: from n/a through <= 1.4.1.

  • CVE-2024-54306MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in aitool AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot ai-seo-translator allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through <= 1.6.2.

  • CVE-2024-54300MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through <= 2.0.8.

  • CVE-2024-12526MedDec 12, 2024
    risk 0.28cvss 4.3epss 0.00

    The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible…

  • CVE-2024-53809MedDec 6, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through <= 2.6.4.1.

  • CVE-2024-53775MedDec 2, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in benmoreassynt DancePress (TRWA) dancepress-trwa allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through <= 3.1.11.

  • CVE-2024-53707MedDec 2, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ahmeti Ahmeti Wp Güzel Sözler ahmeti-wp-guzel-sozler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through <= 4.0.

  • CVE-2024-52479MedDec 2, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery.This issue affects Jobify: from n/a through < 4.3.0.

  • CVE-2024-11014MedNov 29, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface.

  • CVE-2024-51669MedNov 19, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Kalmang Dynamic Widgets dynamic-widgets.This issue affects Dynamic Widgets: from n/a through <= 1.6.4.

  • CVE-2024-52420MedNov 19, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Disable Admin Notices individually disable-admin-notices allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through <= 1.4.0.

  • CVE-2024-51686MedNov 19, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Manage User Columns manage-user-columns allows Cross Site Request Forgery.This issue affects Manage User Columns: from n/a through <= 1.0.5.

  • CVE-2024-43338MedNov 19, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Automattic Crowdsignal Dashboard – Polls, Surveys & more polldaddy allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through <= 3.1.3.

  • CVE-2024-43930MedOct 31, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery.This issue affects JobSearch: from n/a through 2.5.3.

  • CVE-2024-49628MedOct 20, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through <= 2.5.18.

  • CVE-2024-49627MedOct 20, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4.

  • CVE-2024-49275MedOct 20, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Northern Beaches Websites IdeaPush ideapush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through <= 8.69.

  • CVE-2024-49272MedOct 20, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wpweb Social Auto Poster social-auto-poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through <= 5.3.15.

  • CVE-2024-49250MedOct 20, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Table of Contents Plus table-of-contents-plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through <= 2408.