CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 41 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-46530	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment hacklog-remote-attachment allows Stored XSS.This issue affects Hacklog Remote Attachment: from n/a through <= 1.3.2.
CVE-2025-46528	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through <= 0.2.4.
CVE-2025-46524	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category wp-filter-post-categories allows Stored XSS.This issue affects WP Filter Post Category: from n/a through <= 2.1.4.
CVE-2025-46522	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs gt-tabs allows Stored XSS.This issue affects Tabs: from n/a through <= 4.0.3.
CVE-2025-46520	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies related-posts-via-taxonomies allows Stored XSS.This issue affects Related Posts via Taxonomies: from n/a through <= 1.0.1.
CVE-2025-46516	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator twitter-card-generator allows Stored XSS.This issue affects Twitter Card Generator: from n/a through <= 1.0.5.
CVE-2025-46514	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup milat-jquery-automatic-popup allows Stored XSS.This issue affects Milat jQuery Automatic Popup: from n/a through <= 1.3.1.
CVE-2025-46512	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin custom-functions allows Stored XSS.This issue affects Custom Functions Plugin: from n/a through <= 1.1.
CVE-2025-46510	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar cf7-calendar allows Stored XSS.This issue affects Contact Form 7 Calendar: from n/a through <= 3.0.1.
CVE-2025-46508	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS.This issue affects Advanced lazy load: from n/a through <= 1.6.0.
CVE-2025-46507	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes unsafe-mimetypes allows Stored XSS.This issue affects Unsafe Mimetypes: from n/a through <= 0.1.4.
CVE-2025-46506	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin wpzon allows Reflected XSS.This issue affects WpZon – Amazon Affiliate Plugin: from n/a through <= 1.3.
CVE-2025-46504	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through <= 1.2.5.
CVE-2025-46497	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics navegg allows Stored XSS.This issue affects Navegg Analytics: from n/a through <= 3.3.3.
CVE-2025-46492	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog call-now-coccoc-pht-blog allows Stored XSS.This issue affects Call Now PHT Blog: from n/a through <= 2.4.1.
CVE-2025-46466	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls modern-polls allows Stored XSS.This issue affects Modern Polls: from n/a through <= 1.0.10.
CVE-2025-46465	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer print-science-designer allows Stored XSS.This issue affects Print Science Designer: from n/a through <= 1.3.155.
CVE-2025-46457	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Ahsanullah Akanda Wp Custom CMS Block wp-custom-cms-block allows Stored XSS.This issue affects Wp Custom CMS Block: from n/a through <= 2.1.
CVE-2025-46452	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1.
CVE-2025-46450	Hig	0.46	7.1	Apr 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows Stored XSS.This issue affects occupancyplan: from n/a through <= 1.0.3.0.

CVE-2025-46530HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment hacklog-remote-attachment allows Stored XSS.This issue affects Hacklog Remote Attachment: from n/a through <= 1.3.2.
CVE-2025-46528HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through <= 0.2.4.
CVE-2025-46524HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category wp-filter-post-categories allows Stored XSS.This issue affects WP Filter Post Category: from n/a through <= 2.1.4.
CVE-2025-46522HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs gt-tabs allows Stored XSS.This issue affects Tabs: from n/a through <= 4.0.3.
CVE-2025-46520HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Posts via Taxonomies related-posts-via-taxonomies allows Stored XSS.This issue affects Related Posts via Taxonomies: from n/a through <= 1.0.1.
CVE-2025-46516HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter Card Generator twitter-card-generator allows Stored XSS.This issue affects Twitter Card Generator: from n/a through <= 1.0.5.
CVE-2025-46514HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup milat-jquery-automatic-popup allows Stored XSS.This issue affects Milat jQuery Automatic Popup: from n/a through <= 1.3.1.
CVE-2025-46512HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom Functions Plugin custom-functions allows Stored XSS.This issue affects Custom Functions Plugin: from n/a through <= 1.1.
CVE-2025-46510HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar cf7-calendar allows Stored XSS.This issue affects Contact Form 7 Calendar: from n/a through <= 3.0.1.
CVE-2025-46508HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS.This issue affects Advanced lazy load: from n/a through <= 1.6.0.
CVE-2025-46507HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes unsafe-mimetypes allows Stored XSS.This issue affects Unsafe Mimetypes: from n/a through <= 0.1.4.
CVE-2025-46506HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin wpzon allows Reflected XSS.This issue affects WpZon – Amazon Affiliate Plugin: from n/a through <= 1.3.
CVE-2025-46504HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through <= 1.2.5.
CVE-2025-46497HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics navegg allows Stored XSS.This issue affects Navegg Analytics: from n/a through <= 3.3.3.
CVE-2025-46492HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog call-now-coccoc-pht-blog allows Stored XSS.This issue affects Call Now PHT Blog: from n/a through <= 2.4.1.
CVE-2025-46466HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls modern-polls allows Stored XSS.This issue affects Modern Polls: from n/a through <= 1.0.10.
CVE-2025-46465HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Print Science Designer print-science-designer allows Stored XSS.This issue affects Print Science Designer: from n/a through <= 1.3.155.
CVE-2025-46457HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ahsanullah Akanda Wp Custom CMS Block wp-custom-cms-block allows Stored XSS.This issue affects Wp Custom CMS Block: from n/a through <= 2.1.
CVE-2025-46452HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1.
CVE-2025-46450HigApr 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan occupancyplan allows Stored XSS.This issue affects occupancyplan: from n/a through <= 1.0.3.0.