VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

Compound · Stable · Likelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 47 of 228
  • CVE-2025-31460 · High · Mar 28, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager omnileads-scripts-and-tags-manager allows Stored XSS. This issue affects OmniLeads Scripts and Tags Manager: from n/a through <= 1.3.

  • CVE-2025-31459 · High · Mar 28, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in PasqualePuzio Login Alert login-alert allows Stored XSS. This issue affects Login Alert: from n/a through <= 0.2.1.

  • CVE-2025-31458 · High · Mar 28, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder video-embedder allows Stored XSS. This issue affects Video Embedder: from n/a through <= 1.7.1.

  • CVE-2025-31449 · High · Mar 28, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in EricH The Visitor Counter the-visitor-counter allows Stored XSS. This issue affects The Visitor Counter: from n/a through <= 1.4.3.

  • CVE-2025-31444 · High · Mar 28, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in youtag ShowTime Slideshow showtime-slideshow allows Stored XSS. This issue affects ShowTime Slideshow: from n/a through <= 1.6.

  • CVE-2025-31443 · High · Mar 28, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It kk-i-like-it allows Stored XSS. This issue affects KK I Like It: from n/a through <= 1.7.5.3.

  • CVE-2025-31440 · High · Mar 28, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Terms of Use terms-of-use-2 allows Stored XSS. This issue affects Terms of Use: from n/a through <= 2.0.

  • CVE-2025-31435 · High · Mar 28, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Efficient Scripts Microblog Poster microblog-poster allows Stored XSS. This issue affects Microblog Poster: from n/a through <= 2.1.6.

  • CVE-2025-22658 · High · Mar 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Listings for Appfolio Listings for Appfolio listings-for-appfolio allows Stored XSS. This issue affects Listings for Appfolio: from n/a through <= 1.2.0.

  • CVE-2025-25100 · High · Mar 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in victoracano Cazamba cazamba allows Reflected XSS. This issue affects Cazamba: from n/a through <= 1.2.

  • CVE-2025-25086 · High · Mar 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Secret Meta facebook-secret-meta allows Reflected XSS. This issue affects Secret Meta: from n/a through <= 1.2.1.

  • CVE-2025-30919 · High · Mar 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget store-locator-widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through <= 2025r2.

  • CVE-2025-30857 · High · Mar 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce currency-switcher-for-woocommerce allows Stored XSS. This issue affects Currency Switcher for WooCommerce: from n/a through <= 0.0.7.

  • CVE-2025-30787 · High · Mar 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.25.08.

  • CVE-2025-30769 · High · Mar 27, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite wip-woocarousel-lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through <= 1.1.7.

  • CVE-2025-30621 · High · Mar 24, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator translator allows Stored XSS. This issue affects Translator: from n/a through <= 0.3.

  • CVE-2025-30620 · High · Mar 24, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator wp-odoo-form-integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through <= 1.1.0.

  • CVE-2025-30612 · High · Mar 24, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words replace-default-words allows Stored XSS. This issue affects Replace Default Words: from n/a through <= 1.3.

  • CVE-2025-30608 · High · Mar 24, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup wordpress-sql-backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through <= 3.5.2.

  • CVE-2025-30603 · High · Mar 24, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink copy-link allows Stored XSS. This issue affects CopyLink: from n/a through <= 1.1.