CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 53 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-24561	Hig	0.46	7.1	Jan 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in awcode ReviewsTap reviewstap allows Stored XSS.This issue affects ReviewsTap: from n/a through <= 1.1.2.
CVE-2025-24555	Hig	0.46	7.1	Jan 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in subscriptiondna Subscription DNA subscriptiondna allows Stored XSS.This issue affects Subscription DNA: from n/a through <= 2.1.
CVE-2025-22768	Hig	0.46	7.1	Jan 23, 2025	Cross-Site Request Forgery (CSRF) vulnerability in JinHan Park Rocket Media Library Mime Type rocket-media-library-mime-type allows Stored XSS.This issue affects Rocket Media Library Mime Type: from n/a through <= 2.1.0.
CVE-2025-23806	Hig	0.46	7.1	Jan 22, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe ultimate-subscribe allows Reflected XSS.This issue affects Ultimate Subscribe: from n/a through <= 1.3.
CVE-2025-23803	Hig	0.46	7.1	Jan 22, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Rik Schennink Snippy snippy allows Reflected XSS.This issue affects Snippy: from n/a through <= 1.4.1.
CVE-2025-24001	Hig	0.46	7.1	Jan 21, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Ngô Thắng IT PPO Call To Actions ppo-call-to-actions allows Cross Site Request Forgery.This issue affects PPO Call To Actions: from n/a through <= 0.1.3.
CVE-2025-23902	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification error-notification allows Cross Site Request Forgery.This issue affects Error Notification: from n/a through <= 0.2.7.
CVE-2025-23901	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in cybio GravatarLocalCache gravatarlocalcache allows Cross Site Request Forgery.This issue affects GravatarLocalCache: from n/a through <= 1.1.2.
CVE-2025-23900	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in genkisan Genki Announcement genki-announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through <= 1.4.1.
CVE-2025-23898	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows Stored XSS.This issue affects Apply with LinkedIn buttons: from n/a through <= 2.3.
CVE-2025-23895	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS add-rss allows Stored XSS.This issue affects Add RSS: from n/a through <= 1.5.
CVE-2025-23884	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie annie allows Cross Site Request Forgery.This issue affects Annie: from n/a through <= 2.1.1.
CVE-2025-23880	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in anmari amr personalise amr-personalise allows Cross Site Request Forgery.This issue affects amr personalise: from n/a through <= 2.10.
CVE-2025-23875	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in madeglobal Better Protected Pages better-protected-pages allows Stored XSS.This issue affects Better Protected Pages: from n/a through <= 1.0.
CVE-2025-23872	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in payform PayForm payform allows Stored XSS.This issue affects PayForm: from n/a through <= 2.0.
CVE-2025-23871	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder lsd-google-maps-embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through <= 1.1.
CVE-2025-23870	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in wygk Copyright Safeguard Footer Notice copyright-safeguard-footer-notice allows Stored XSS.This issue affects Copyright Safeguard Footer Notice: from n/a through <= 3.0.
CVE-2025-23869	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in shibulijack CJ Custom Content cj-custom-content allows Stored XSS.This issue affects CJ Custom Content: from n/a through <= 2.0.
CVE-2025-23861	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Zack Katz Debt Calculator debt-calculator allows Cross Site Request Forgery.This issue affects Debt Calculator: from n/a through <= 1.0.1.
CVE-2025-23848	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in dpowney Hotspots Analytics hotspots allows Stored XSS.This issue affects Hotspots Analytics: from n/a through <= 4.0.12.

CVE-2025-24561HigJan 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in awcode ReviewsTap reviewstap allows Stored XSS.This issue affects ReviewsTap: from n/a through <= 1.1.2.
CVE-2025-24555HigJan 24, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in subscriptiondna Subscription DNA subscriptiondna allows Stored XSS.This issue affects Subscription DNA: from n/a through <= 2.1.
CVE-2025-22768HigJan 23, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in JinHan Park Rocket Media Library Mime Type rocket-media-library-mime-type allows Stored XSS.This issue affects Rocket Media Library Mime Type: from n/a through <= 2.1.0.
CVE-2025-23806HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe ultimate-subscribe allows Reflected XSS.This issue affects Ultimate Subscribe: from n/a through <= 1.3.
CVE-2025-23803HigJan 22, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Rik Schennink Snippy snippy allows Reflected XSS.This issue affects Snippy: from n/a through <= 1.4.1.
CVE-2025-24001HigJan 21, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ngô Thắng IT PPO Call To Actions ppo-call-to-actions allows Cross Site Request Forgery.This issue affects PPO Call To Actions: from n/a through <= 0.1.3.
CVE-2025-23902HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification error-notification allows Cross Site Request Forgery.This issue affects Error Notification: from n/a through <= 0.2.7.
CVE-2025-23901HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in cybio GravatarLocalCache gravatarlocalcache allows Cross Site Request Forgery.This issue affects GravatarLocalCache: from n/a through <= 1.1.2.
CVE-2025-23900HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in genkisan Genki Announcement genki-announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through <= 1.4.1.
CVE-2025-23898HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows Stored XSS.This issue affects Apply with LinkedIn buttons: from n/a through <= 2.3.
CVE-2025-23895HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS add-rss allows Stored XSS.This issue affects Add RSS: from n/a through <= 1.5.
CVE-2025-23884HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie annie allows Cross Site Request Forgery.This issue affects Annie: from n/a through <= 2.1.1.
CVE-2025-23880HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in anmari amr personalise amr-personalise allows Cross Site Request Forgery.This issue affects amr personalise: from n/a through <= 2.10.
CVE-2025-23875HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in madeglobal Better Protected Pages better-protected-pages allows Stored XSS.This issue affects Better Protected Pages: from n/a through <= 1.0.
CVE-2025-23872HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in payform PayForm payform allows Stored XSS.This issue affects PayForm: from n/a through <= 2.0.
CVE-2025-23871HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder lsd-google-maps-embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through <= 1.1.
CVE-2025-23870HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wygk Copyright Safeguard Footer Notice copyright-safeguard-footer-notice allows Stored XSS.This issue affects Copyright Safeguard Footer Notice: from n/a through <= 3.0.
CVE-2025-23869HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in shibulijack CJ Custom Content cj-custom-content allows Stored XSS.This issue affects CJ Custom Content: from n/a through <= 2.0.
CVE-2025-23861HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Zack Katz Debt Calculator debt-calculator allows Cross Site Request Forgery.This issue affects Debt Calculator: from n/a through <= 1.0.1.
CVE-2025-23848HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in dpowney Hotspots Analytics hotspots allows Stored XSS.This issue affects Hotspots Analytics: from n/a through <= 4.0.12.