CWE-352
Cross-Site Request Forgery (CSRF)
Compound · Stable · Likelihood: Medium
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (4,552)
Page 2 of 228

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-39617 | Cri | 0.62 | 9.6 | 0.00 | | Apr 8, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery. This issue affects Bluestreet: from n/a through <= 1.7.3. |
| CVE-2025-52835 | Cri | 0.62 | 9.6 | 0.00 | | Dec 30, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator wing-migrator allows Upload a Web Shell to a Web Server. This issue affects WING WordPress Migrator: from n/a through <= 1.2.0. |
| CVE-2025-11022 | Cri | 0.62 | 9.6 | 0.00 | | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability resulting in Command Injection has been identified. This issue affects Panilux: before v.0.10.0. NOTE: The vendor was contacted and responded that they deny ownership of the mentioned product. |
| CVE-2025-60156 | Cri | 0.62 | 9.6 | 0.00 | | Sep 26, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through <= 8.34. |
| CVE-2025-58255 | Cri | 0.62 | 9.6 | 0.00 | | Sep 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection. This issue affects Custom Post Type Images: from n/a through <= 0.5. |
| CVE-2025-58997 | Cri | 0.62 | 9.6 | 0.00 | | Sep 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection. This issue affects Mow: from n/a through <= 4.10. |
| CVE-2025-49381 | Cri | 0.62 | 9.6 | 0.00 | | Aug 20, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross Site Request Forgery. This issue affects ads.txt Guru Connect: from n/a through <= 1.1.1. |
| CVE-2025-54010 | Cri | 0.62 | 9.6 | 0.00 | | Jul 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets easy-code-manager allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a through <= 10.50. |
| CVE-2025-53314 | Cri | 0.62 | 9.6 | 0.00 | | Jun 27, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in sh1zen WP Optimizer wp-optimizer allows SQL Injection. This issue affects WP Optimizer: from n/a through <= 2.5.0. |
| CVE-2025-39601 | Cri | 0.62 | 9.6 | 0.00 | | Apr 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through <= 2.4.1. |
| CVE-2025-30967 | Cri | 0.62 | 9.6 | 0.00 | | Apr 15, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a. |
| CVE-2025-32641 | Cri | 0.62 | 9.6 | 0.00 | | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Request Forgery. This issue affects Anant Addons for Elementor: from n/a through <= 1.1.8. |
| CVE-2025-32576 | Cri | 0.62 | 9.6 | 0.00 | | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server. This issue affects WP shop: from n/a through <= 2.6.1. |
| CVE-2025-32496 | Cri | 0.62 | 9.6 | 0.00 | | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server. This issue affects Ultra Demo Importer: from n/a through <= 1.0.5. |
| CVE-2025-30615 | Cri | 0.62 | 9.6 | 0.00 | | Mar 24, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email wp-e-commerce-style-email allows Code Injection. This issue affects WP e-Commerce Style Email: from n/a through <= 0.6.2. |
| CVE-2025-25107 | Cri | 0.62 | 9.6 | 0.00 | | Feb 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through <= 0.1.1. |
| CVE-2025-25106 | Cri | 0.62 | 9.6 | 0.00 | | Feb 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP starter-templates allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through <= 2.0.0. |
| CVE-2025-25101 | Cri | 0.62 | 9.6 | 0.01 | | Feb 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites munk-sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through <= 1.0.7. |
| CVE-2024-54372 | Cri | 0.62 | 9.6 | 0.00 | | Dec 16, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection. This issue affects Insertify: from n/a through <= 1.1.4. |
| CVE-2024-54368 | Cri | 0.62 | 9.6 | 0.00 | | Dec 16, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection. This issue affects GitSync: from n/a through <= 1.1.0. |