CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 203 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47757 | Med | 0.28 | 4.3 | 0.00 | Nov 17, 2023 | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request… | ||
| CVE-2023-35877 | Med | 0.28 | 4.3 | 0.00 | Nov 13, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5. | ||
| CVE-2023-46201 | Med | 0.28 | 4.3 | 0.00 | Nov 13, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6. | ||
| CVE-2023-31078 | Med | 0.28 | 4.3 | 0.00 | Nov 10, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions. | ||
| CVE-2023-31077 | Med | 0.28 | 4.3 | 0.00 | Nov 10, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. | ||
| CVE-2023-29440 | Med | 0.28 | 4.3 | 0.00 | Nov 10, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions. | ||
| CVE-2023-29426 | Med | 0.28 | 4.3 | 0.00 | Nov 10, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions. | ||
| CVE-2023-32502 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions. | ||
| CVE-2023-32501 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions. | ||
| CVE-2023-32125 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions. | ||
| CVE-2023-32092 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions. | ||
| CVE-2023-31093 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions. | ||
| CVE-2023-32512 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions. | ||
| CVE-2023-34031 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions. | ||
| CVE-2023-34024 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions. | ||
| CVE-2023-32739 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions. | ||
| CVE-2023-32602 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions. | ||
| CVE-2023-32594 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions. | ||
| CVE-2023-34033 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagination and Infinite Scroll plugin <= 2.0.1 versions. | ||
| CVE-2023-34371 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions. |
- risk 0.28cvss 4.3epss 0.00
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a through 1.9.6.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagination and Infinite Scroll plugin <= 2.0.1 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.