VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 188 of 286
  • CVE-2024-35684MedJun 8, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress.This issue affects ElasticPress: from n/a through <= 5.1.1.

  • CVE-2024-35632MedJun 3, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.5.

  • CVE-2024-35638MedJun 3, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43.

  • CVE-2024-4344MedJun 2, 2024
    risk 0.28cvss 4.3epss 0.00

    The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it…

  • CVE-2024-35636MedJun 1, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare.This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11.

  • CVE-2024-4426MedMay 30, 2024
    risk 0.28cvss 4.3epss 0.00

    The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated…

  • CVE-2024-3947MedMay 30, 2024
    risk 0.28cvss 4.3epss 0.00

    The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the…

  • CVE-2024-3945MedMay 30, 2024
    risk 0.28cvss 4.3epss 0.00

    The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo…

  • CVE-2024-3943MedMay 30, 2024
    risk 0.28cvss 4.3epss 0.00

    The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments…

  • CVE-2024-4409MedMay 24, 2024
    risk 0.28cvss 4.3epss 0.00

    The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the…

  • CVE-2024-34807MedMay 17, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard fast-custom-social-share-by-codebard.This issue affects Fast Custom Social Share by CodeBard: from n/a through <= 1.1.2.

  • CVE-2024-34806MedMay 17, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.

  • CVE-2024-34756MedMay 17, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 HubSpot.This issue affects Integration for Contact Form 7 HubSpot: from n/a through 1.3.1.

  • CVE-2024-34755MedMay 17, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through 1.3.9.

  • CVE-2024-4204MedMay 16, 2024
    risk 0.28cvss 4.3epss 0.00

    The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions.. This makes it possible for unauthenticated…

  • CVE-2024-4689MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.

  • CVE-2024-4463MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated…

  • CVE-2024-4312MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation when saving match and team settings. This makes it possible for…

  • CVE-2024-4082MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers…

  • CVE-2024-34828MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.32.