CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 38 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-48304	Hig	0.46	7.1	Aug 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin gn-xml-sitemap allows Stored XSS.This issue affects Google XML News Sitemap plugin: from n/a through <= 0.02.
CVE-2025-48109	Hig	0.46	7.1	Aug 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS.This issue affects XM-Backup: from n/a through <= 0.9.1.
CVE-2025-58217	Hig	0.46	7.1	Aug 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS.This issue affects Instant Breaking News: from n/a through <= 1.0.
CVE-2025-52765	Hig	0.46	7.1	Aug 14, 2025	Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3.
CVE-2025-49044	Hig	0.46	7.1	Aug 14, 2025	Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS.This issue affects Simple Poll: from n/a through <= 1.1.1.
CVE-2025-48153	Hig	0.46	7.1	Jul 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images import-cdn-remote-images allows Stored XSS.This issue affects Import CDN-Remote Images: from n/a through <= 2.1.2.
CVE-2025-53338	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in dor re.place replace allows Stored XSS.This issue affects re.place: from n/a through <= 0.2.1.
CVE-2025-53332	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything track-everything allows Stored XSS.This issue affects Track Everything: from n/a through <= 2.0.1.
CVE-2025-53331	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest rss-digest allows Stored XSS.This issue affects RSS Digest: from n/a through <= 1.5.
CVE-2025-53329	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 spolecznosciowa-6-pl-2013 allows Stored XSS.This issue affects Społecznościowa 6 PL 2013: from n/a through <= 2.0.6.
CVE-2025-53317	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere - WordPress admin theme wpshapere-lite allows Stored XSS.This issue affects WPShapere - WordPress admin theme: from n/a through <= 1.4.1.
CVE-2025-53315	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload relocate-upload allows Stored XSS.This issue affects Relocate Upload: from n/a through <= 0.24.1.
CVE-2025-53313	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS.This issue affects Twitch TV Embed Suite: from n/a through <= 2.1.0.
CVE-2025-53312	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz onionbuzz-viral-quiz allows Stored XSS.This issue affects OnionBuzz: from n/a through <= 1.0.7.
CVE-2025-53311	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe navayan-subscribe allows Stored XSS.This issue affects Navayan Subscribe: from n/a through <= 1.13.
CVE-2025-53310	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost hidepost allows Reflected XSS.This issue affects HidePost: from n/a through <= 2.3.8.
CVE-2025-53308	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description image-slider-with-description allows Stored XSS.This issue affects Image Slider With Description: from n/a through <= 9.2.
CVE-2025-53305	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server forum-server allows Stored XSS.This issue affects WP Forum Server: from n/a through <= 1.8.2.
CVE-2025-53274	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator wp-permalink-translator allows Stored XSS.This issue affects WP Permalink Translator: from n/a through <= 1.7.6.
CVE-2025-53271	Hig	0.46	7.1	Jun 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce additional-order-filters-for-woocommerce allows Stored XSS.This issue affects Additional Order Filters for WooCommerce: from n/a through <= 1.22.

CVE-2025-48304HigAug 28, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin gn-xml-sitemap allows Stored XSS.This issue affects Google XML News Sitemap plugin: from n/a through <= 0.02.
CVE-2025-48109HigAug 28, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS.This issue affects XM-Backup: from n/a through <= 0.9.1.
CVE-2025-58217HigAug 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News instant-breaking-news allows Stored XSS.This issue affects Instant Breaking News: from n/a through <= 1.0.
CVE-2025-52765HigAug 14, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS.This issue affects NetInsight Analytics Implementation Plugin: from n/a through <= 1.0.3.
CVE-2025-49044HigAug 14, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS.This issue affects Simple Poll: from n/a through <= 1.1.1.
CVE-2025-48153HigJul 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images import-cdn-remote-images allows Stored XSS.This issue affects Import CDN-Remote Images: from n/a through <= 2.1.2.
CVE-2025-53338HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in dor re.place replace allows Stored XSS.This issue affects re.place: from n/a through <= 0.2.1.
CVE-2025-53332HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything track-everything allows Stored XSS.This issue affects Track Everything: from n/a through <= 2.0.1.
CVE-2025-53331HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest rss-digest allows Stored XSS.This issue affects RSS Digest: from n/a through <= 1.5.
CVE-2025-53329HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 spolecznosciowa-6-pl-2013 allows Stored XSS.This issue affects Społecznościowa 6 PL 2013: from n/a through <= 2.0.6.
CVE-2025-53317HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere - WordPress admin theme wpshapere-lite allows Stored XSS.This issue affects WPShapere - WordPress admin theme: from n/a through <= 1.4.1.
CVE-2025-53315HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload relocate-upload allows Stored XSS.This issue affects Relocate Upload: from n/a through <= 0.24.1.
CVE-2025-53313HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS.This issue affects Twitch TV Embed Suite: from n/a through <= 2.1.0.
CVE-2025-53312HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Looks Awesome OnionBuzz onionbuzz-viral-quiz allows Stored XSS.This issue affects OnionBuzz: from n/a through <= 1.0.7.
CVE-2025-53311HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe navayan-subscribe allows Stored XSS.This issue affects Navayan Subscribe: from n/a through <= 1.13.
CVE-2025-53310HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Funnnny HidePost hidepost allows Reflected XSS.This issue affects HidePost: from n/a through <= 2.3.8.
CVE-2025-53308HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description image-slider-with-description allows Stored XSS.This issue affects Image Slider With Description: from n/a through <= 9.2.
CVE-2025-53305HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in lucidcrew WP Forum Server forum-server allows Stored XSS.This issue affects WP Forum Server: from n/a through <= 1.8.2.
CVE-2025-53274HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator wp-permalink-translator allows Stored XSS.This issue affects WP Permalink Translator: from n/a through <= 1.7.6.
CVE-2025-53271HigJun 27, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Anton Bond Additional Order Filters for WooCommerce additional-order-filters-for-woocommerce allows Stored XSS.This issue affects Additional Order Filters for WooCommerce: from n/a through <= 1.22.