VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

Compound · Stable · Likelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

  • CVE-2025-32619 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in KeyCAPTCHA KeyCAPTCHA keycaptcha allows Stored XSS. This issue affects KeyCAPTCHA: from n/a through <= 2.5.1.

  • CVE-2025-32617 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ydesignservices Multiple Location Google Map multiple-location-google-map allows Stored XSS. This issue affects Multiple Location Google Map: from n/a through <= 1.1.

  • CVE-2025-32616 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in nimbata Nimbata Call Tracking nimbata-call-tracking allows Stored XSS. This issue affects Nimbata Call Tracking: from n/a through <= 1.7.4.

  • CVE-2025-32612 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in rafasashi User Session Synchronizer user-session-synchronizer allows Stored XSS. This issue affects User Session Synchronizer: from n/a through <= 1.4.0.

  • CVE-2025-32610 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in FolioVision Foliopress WYSIWYG foliopress-wysiwyg allows Cross Site Request Forgery. This issue affects Foliopress WYSIWYG: from n/a through <= 2.6.18.

  • CVE-2025-32597 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar allows Cross-Site Scripting (XSS). This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through <= 1.5.4.

  • CVE-2025-32591 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Cross Site Request Forgery. This issue affects WP Abstracts: from n/a through <= 2.7.5.

  • CVE-2025-32584 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Chat2 Chat2 chat2 allows Cross Site Request Forgery. This issue affects Chat2: from n/a through <= 4.0.

  • CVE-2025-32575 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB wp-w3all-phpbb-integration allows Reflected XSS. This issue affects WP w3all phpBB: from n/a through <= 2.9.9.

  • CVE-2025-32563 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger calais-auto-tagger allows Cross Site Request Forgery. This issue affects WP Calais Auto Tagger: from n/a through <= 2.0.

  • CVE-2025-32559 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat revechat allows Stored XSS. This issue affects REVE Chat: from n/a through <= 6.4.4.

  • CVE-2025-32556 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Simple Post Meta Manager simple-post-meta-manager allows Reflected XSS. This issue affects Simple Post Meta Manager: from n/a through <= 1.0.9.

  • CVE-2025-32555 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS. This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through <= 3.3.

  • CVE-2025-32518 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page ald-login-page allows Stored XSS. This issue affects ALD Login Page: from n/a through <= 1.1.

  • CVE-2025-32505 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer scand-multi-mailer allows Stored XSS. This issue affects MultiMailer: from n/a through <= 1.0.3.

  • CVE-2025-32502 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu magazine-lister-for-yumpu allows Stored XSS. This issue affects ePaper Lister for Yumpu: from n/a through <= 1.4.0.

  • CVE-2025-32501 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in dimafreund Rentsyst rentsyst allows Stored XSS. This issue affects Rentsyst: from n/a through <= 2.0.92.

  • CVE-2025-32500 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget codescar-radio-widget allows Stored XSS. This issue affects Codescar Radio Widget: from n/a through <= 0.4.2.

  • CVE-2025-32498 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post vkontakte-cross-post allows Stored XSS. This issue affects VKontakte Cross-Post: from n/a through <= 0.3.2.

  • CVE-2025-32497 · High · Apr 9, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block spoiler-block allows Stored XSS. This issue affects Spoiler Block: from n/a through <= 1.7.