CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 205 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36754 | Med | 0.28 | 4.3 | 0.00 | Oct 20, 2023 | The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to… | ||
| CVE-2020-36753 | Med | 0.28 | 4.3 | 0.00 | Oct 20, 2023 | The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via… | ||
| CVE-2023-3254 | Med | 0.28 | 4.3 | 0.00 | Oct 18, 2023 | The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to… | ||
| CVE-2023-5531 | Med | 0.28 | 4.3 | 0.00 | Oct 12, 2023 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to… | ||
| CVE-2023-41730 | Med | 0.28 | 4.3 | 0.00 | Oct 10, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | ||
| CVE-2023-37998 | Med | 0.28 | 4.3 | 0.00 | Oct 3, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3. | ||
| CVE-2023-41942 | Med | 0.28 | 4.3 | 0.00 | Sep 6, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. | ||
| CVE-2023-4161 | Med | 0.28 | 4.3 | 0.00 | Aug 31, 2023 | The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields… | ||
| CVE-2023-40351 | Med | 0.28 | 4.3 | 0.00 | Aug 16, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. | ||
| CVE-2023-40337 | Med | 0.28 | 4.3 | 0.00 | Aug 16, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. | ||
| CVE-2023-39153 | Med | 0.28 | 5.4 | 0.01 | Jul 26, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account. | ||
| CVE-2023-37954 | Med | 0.28 | 4.3 | 0.00 | Jul 12, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build. | ||
| CVE-2021-4427 | Med | 0.28 | 4.3 | 0.01 | Jul 12, 2023 | The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-displ… | ||
| CVE-2021-4426 | Med | 0.28 | 4.3 | 0.01 | Jul 12, 2023 | The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metabox_review_save() function. This makes it possible for unauthenticated attackers to save… | ||
| CVE-2021-4425 | Med | 0.28 | 4.3 | 0.01 | Jul 12, 2023 | The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to… | ||
| CVE-2020-36761 | Med | 0.28 | 4.3 | 0.01 | Jul 12, 2023 | The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an… | ||
| CVE-2020-36760 | Med | 0.28 | 4.3 | 0.01 | Jul 12, 2023 | The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated… | ||
| CVE-2021-4422 | Med | 0.28 | 4.3 | 0.01 | Jul 12, 2023 | The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger… | ||
| CVE-2021-4421 | Med | 0.28 | 4.3 | 0.00 | Jul 12, 2023 | The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthenticated attackers to save… | ||
| CVE-2021-4420 | Med | 0.28 | 4.3 | 0.00 | Jul 12, 2023 | The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media… |
- risk 0.28cvss 4.3epss 0.00
The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.00
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via…
- risk 0.28cvss 4.3epss 0.00
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.00
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.This issue affects Disabler: from n/a through 3.0.3.
- risk 0.28cvss 4.3epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
- risk 0.28cvss 4.3epss 0.00
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields…
- risk 0.28cvss 4.3epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
- risk 0.28cvss 4.3epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
- risk 0.28cvss 5.4epss 0.01
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.
- risk 0.28cvss 4.3epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.
- risk 0.28cvss 4.3epss 0.01
The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-displ…
- risk 0.28cvss 4.3epss 0.01
The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metabox_review_save() function. This makes it possible for unauthenticated attackers to save…
- risk 0.28cvss 4.3epss 0.01
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to…
- risk 0.28cvss 4.3epss 0.01
The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an…
- risk 0.28cvss 4.3epss 0.01
The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated…
- risk 0.28cvss 4.3epss 0.01
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger…
- risk 0.28cvss 4.3epss 0.00
The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthenticated attackers to save…
- risk 0.28cvss 4.3epss 0.00
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media…