CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 197 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4628 | Med | 0.28 | 4.3 | 0.00 | Mar 12, 2024 | The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option… | ||
| CVE-2024-28158 | Med | 0.28 | 4.3 | 0.00 | Mar 6, 2024 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. | ||
| CVE-2023-6326 | Med | 0.28 | 5.4 | 0.00 | Mar 2, 2024 | The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.10. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for… | ||
| CVE-2024-1592 | Med | 0.28 | 4.3 | 0.00 | Mar 2, 2024 | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it… | ||
| CVE-2024-1976 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated… | ||
| CVE-2023-51696 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. | ||
| CVE-2023-51530 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through… | ||
| CVE-2023-51529 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3. | ||
| CVE-2023-51528 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12. | ||
| CVE-2024-25932 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix change-table-prefix allows Cross Site Request Forgery.This issue affects Change Table Prefix: from n/a through <= 2.0. | ||
| CVE-2024-25931 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka.This issue affects Heureka: from n/a through 1.0.8. | ||
| CVE-2024-25930 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. | ||
| CVE-2024-24708 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.19. | ||
| CVE-2024-24701 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20. | ||
| CVE-2024-0515 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for… | ||
| CVE-2024-0514 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated… | ||
| CVE-2024-0513 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for… | ||
| CVE-2024-0512 | Med | 0.28 | 4.3 | 0.00 | Feb 29, 2024 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for… | ||
| CVE-2024-0379 | Med | 0.28 | 4.3 | 0.01 | Feb 29, 2024 | The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it… | ||
| CVE-2023-52226 | Med | 0.28 | 4.3 | 0.00 | Feb 28, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.This issue affects Advanced Flamingo: from n/a through 1.0. |
- risk 0.28cvss 4.3epss 0.00
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option…
- risk 0.28cvss 4.3epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.
- risk 0.28cvss 5.4epss 0.00
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.10. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it…
- risk 0.28cvss 4.3epss 0.00
The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4.This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix change-table-prefix allows Cross Site Request Forgery.This issue affects Change Table Prefix: from n/a through <= 2.0.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka.This issue affects Heureka: from n/a through 1.0.8.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.19.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20.
- risk 0.28cvss 4.3epss 0.00
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.00
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for…
- risk 0.28cvss 4.3epss 0.01
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.This issue affects Advanced Flamingo: from n/a through 1.0.