CWE-352

Cross-Site Request Forgery (CSRF)

Compound · Stable · Likelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

  • CVE-2023-1922 · Med · Apr 6, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for…

  • CVE-2023-1921 · Med · Apr 6, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for…

  • CVE-2023-1920 · Med · Apr 6, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated…

  • CVE-2023-1919 · Med · Apr 6, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for…

  • CVE-2023-1918 · Med · Apr 6, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers…

  • CVE-2023-1870 · Med · Apr 5, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's…

  • CVE-2023-1346 · Med · Mar 10, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated…

  • CVE-2023-1345 · Med · Mar 10, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers…

  • CVE-2023-1344 · Med · Mar 10, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated…

  • CVE-2023-1343 · Med · Mar 10, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers…

  • CVE-2023-1342 · Med · Mar 10, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated…

  • CVE-2023-1341 · Med · Mar 10, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated…

  • CVE-2023-1340 · Med · Mar 10, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated…

  • CVE-2023-1028 · Med · Feb 28, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options…

  • CVE-2023-1068 · Med · Feb 27, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for…

  • CVE-2023-1029 · Med · Feb 24, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate…

  • CVE-2023-0406 · Med · Jan 19, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.

  • CVE-2022-4867 · Med · Dec 31, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.

  • CVE-2022-4845 · Med · Dec 29, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.

  • CVE-2020-36625 · Med · Dec 22, 2022
    risk 0.21 · cvss 4.3 · epss 0.00

    A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is…