CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 39 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-52795	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Cross Site Request Forgery.This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6.
CVE-2025-52794	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form sexy-contact-form allows Stored XSS.This issue affects Creative Contact Form: from n/a through <= 1.0.0.
CVE-2025-52793	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings esselinknu-settings allows Reflected XSS.This issue affects Esselink.nu Settings: from n/a through <= 4.5.
CVE-2025-52792	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher wp-user-stylesheet-switcher allows Stored XSS.This issue affects WP User Stylesheet Switcher: from n/a through <= v2.2.0.
CVE-2025-52791	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker knowledge-base-maker allows Stored XSS.This issue affects Knowledge Base – Knowledge Base Maker: from n/a through <= 1.1.8.
CVE-2025-52790	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCounter wp-downloadcounter allows Stored XSS.This issue affects WP-DownloadCounter: from n/a through <= 1.01.
CVE-2025-52789	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress chordpress allows Stored XSS.This issue affects Lewe ChordPress: from n/a through <= 4.0.1.
CVE-2025-52784	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post bluff-post allows Stored XSS.This issue affects Bluff Post: from n/a through <= 1.1.1.
CVE-2025-52783	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce wc-style allows Stored XSS.This issue affects Change Cart button Colors WooCommerce: from n/a through <= 1.0.
CVE-2025-52781	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav tinynav allows Stored XSS.This issue affects TinyNav: from n/a through <= 1.4.
CVE-2025-52780	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi samandehi-logo-manager allows Stored XSS.This issue affects Logo Manager For Samandehi: from n/a through <= 0.5.
CVE-2025-52772	Hig	0.46	7.1	Jun 20, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.
CVE-2025-49511	Hig	0.46	7.1	Jun 10, 2025	Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through <= 2.1.6.
CVE-2025-49453	Hig	0.46	7.1	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through <= 1.1.
CVE-2025-49425	Hig	0.46	7.1	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg konami-easter-egg allows Stored XSS.This issue affects Konami Easter Egg: from n/a through <= v0.4.
CVE-2025-30995	Hig	0.46	7.1	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Stored XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
CVE-2025-28981	Hig	0.46	7.1	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options wp-mail-options allows Stored XSS.This issue affects WP Mail Options: from n/a through <= 0.2.3.
CVE-2025-28974	Hig	0.46	7.1	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0.
CVE-2025-28966	Hig	0.46	7.1	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n/a through <= 1.0.1.
CVE-2025-28964	Hig	0.46	7.1	Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0.

CVE-2025-52795HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Cross Site Request Forgery.This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6.
CVE-2025-52794HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form sexy-contact-form allows Stored XSS.This issue affects Creative Contact Form: from n/a through <= 1.0.0.
CVE-2025-52793HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings esselinknu-settings allows Reflected XSS.This issue affects Esselink.nu Settings: from n/a through <= 4.5.
CVE-2025-52792HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher wp-user-stylesheet-switcher allows Stored XSS.This issue affects WP User Stylesheet Switcher: from n/a through <= v2.2.0.
CVE-2025-52791HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker knowledge-base-maker allows Stored XSS.This issue affects Knowledge Base – Knowledge Base Maker: from n/a through <= 1.1.8.
CVE-2025-52790HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCounter wp-downloadcounter allows Stored XSS.This issue affects WP-DownloadCounter: from n/a through <= 1.01.
CVE-2025-52789HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress chordpress allows Stored XSS.This issue affects Lewe ChordPress: from n/a through <= 4.0.1.
CVE-2025-52784HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post bluff-post allows Stored XSS.This issue affects Bluff Post: from n/a through <= 1.1.1.
CVE-2025-52783HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce wc-style allows Stored XSS.This issue affects Change Cart button Colors WooCommerce: from n/a through <= 1.0.
CVE-2025-52781HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav tinynav allows Stored XSS.This issue affects TinyNav: from n/a through <= 1.4.
CVE-2025-52780HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi samandehi-logo-manager allows Stored XSS.This issue affects Logo Manager For Samandehi: from n/a through <= 0.5.
CVE-2025-52772HigJun 20, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.
CVE-2025-49511HigJun 10, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery.This issue affects Civi Framework: from n/a through <= 2.1.6.
CVE-2025-49453HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage bp-profile-as-homepage allows Stored XSS.This issue affects BP Profile as Homepage: from n/a through <= 1.1.
CVE-2025-49425HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg konami-easter-egg allows Stored XSS.This issue affects Konami Easter Egg: from n/a through <= v0.4.
CVE-2025-30995HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light widgetize-pages-light allows Stored XSS.This issue affects Widgetize Pages Light: from n/a through <= 3.0.
CVE-2025-28981HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options wp-mail-options allows Stored XSS.This issue affects WP Mail Options: from n/a through <= 0.2.3.
CVE-2025-28974HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through <= 1.0.
CVE-2025-28966HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive recent-posts-slider-responsive allows Stored XSS.This issue affects Recent Posts Slider Responsive: from n/a through <= 1.0.1.
CVE-2025-28964HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0.