VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 216 of 286
  • CVE-2025-14454MedDec 13, 2025
    risk 0.21cvss 4.3epss 0.00

    The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is due to missing or incorrect nonce validation on the bulk delete functionality. This makes it possible for…

  • CVE-2025-12407MedDec 12, 2025
    risk 0.21cvss 4.3epss 0.00

    The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.2.2. This is due to missing or incorrect nonce validation on the 'location_delete' action. This makes it…

  • CVE-2025-14354MedDec 12, 2025
    risk 0.21cvss 4.3epss 0.00

    The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers…

  • CVE-2025-14160MedDec 12, 2025
    risk 0.21cvss 4.3epss 0.00

    The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update…

  • CVE-2025-67593MedDec 9, 2025
    risk 0.21cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48.

  • CVE-2025-64256MedDec 9, 2025
    risk 0.21cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0.

  • CVE-2025-13684MedDec 5, 2025
    risk 0.21cvss 4.3epss 0.00

    The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark_rp_options_page function. This makes it possible for unauthenticated attackers to modify the plugin's…

  • CVE-2025-12130MedDec 5, 2025
    risk 0.21cvss 4.3epss 0.00

    The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the…

  • CVE-2025-12373MedDec 5, 2025
    risk 0.21cvss 4.3epss 0.00

    The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the save_settings function. This…

  • CVE-2025-13144MedDec 5, 2025
    risk 0.21cvss 4.3epss 0.00

    The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the add_cstu_settings function. This makes it possible for unauthenticated attackers to…

  • CVE-2025-12189MedDec 5, 2025
    risk 0.21cvss 4.3epss 0.00

    The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.11.1374. This is due to missing or incorrect nonce validation on the…

  • CVE-2025-11759MedDec 5, 2025
    risk 0.21cvss 4.3epss 0.00

    The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner_Remote_Storage:save() function. This makes it…

  • CVE-2025-12358MedDec 3, 2025
    risk 0.21cvss 4.3epss 0.00

    The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post_add_to_list" function as well as an incorrect permissions…

  • CVE-2025-13685MedDec 2, 2025
    risk 0.21cvss 4.3epss 0.00

    The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'process_bulk_action()' function. This makes it possible for…

  • CVE-2025-13140MedDec 2, 2025
    risk 0.21cvss 4.3epss 0.00

    The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes it possible for…

  • CVE-2025-13737MedNov 28, 2025
    risk 0.21cvss 4.3epss 0.00

    The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated…

  • CVE-2025-12901MedNov 12, 2025
    risk 0.21cvss 4.3epss 0.00

    The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level() function. This makes it possible for unauthenticated attackers to modify the…

  • CVE-2025-10691MedNov 6, 2025
    risk 0.21cvss 4.3epss 0.00

    The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the show_editsub_page() function. This makes it possible for unauthenticated attackers…

  • CVE-2025-12070MedNov 4, 2025
    risk 0.21cvss 4.3epss 0.00

    The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the `ViaAds_pluginHandler` function. This makes it possible for unauthenticated attackers to modify the plugin's…

  • CVE-2025-8383MedOct 31, 2025
    risk 0.21cvss 4.3epss 0.00

    The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation on the depicter-document-rules-store function. This makes it possible for unauthenticated attackers to…