VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

Compound · Stable · Likelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 220 of 286
  • CVE-2024-1334 · Med · Feb 29, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for…

  • CVE-2023-48653 · Med · Feb 29, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.

  • CVE-2023-48651 · Med · Feb 29, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.

  • CVE-2024-0767 · Med · Feb 28, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible…

  • CVE-2024-1912 · Med · Feb 27, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated…

  • CVE-2024-1910 · Med · Feb 27, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers…

  • CVE-2024-1909 · Med · Feb 27, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers…

  • CVE-2024-1907 · Med · Feb 27, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers…

  • CVE-2024-1906 · Med · Feb 27, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to…

  • CVE-2024-1362 · Med · Feb 23, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated…

  • CVE-2024-1361 · Med · Feb 23, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a…

  • CVE-2024-25982 · Med · Feb 19, 2024
    risk 0.21 · cvss 4.3 · epss 0.01

    The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

  • CVE-2024-0859 · Med · Feb 5, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for…

  • CVE-2024-0796 · Med · Feb 5, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several…

  • CVE-2024-23902 · Med · Jan 24, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.

  • CVE-2023-6493 · Med · Jan 5, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it…

  • CVE-2023-6980 · Med · Jan 3, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of…

  • CVE-2023-5383 · Med · Nov 22, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create…

  • CVE-2023-47238 · Med · Nov 9, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.

  • CVE-2023-5602 · Med · Oct 20, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes…