CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 55 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2025-23720	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through <= 1.4.0.
CVE-2025-23717	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in itmooti Theme My Ontraport Smartform theme-my-ontraport-smartform allows Stored XSS.This issue affects Theme My Ontraport Smartform: from n/a through <= 1.2.11.
CVE-2025-23715	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through <= 0.1.1.
CVE-2025-23713	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in artanik Hack me if you can hack-me-if-you-can allows Stored XSS.This issue affects Hack me if you can: from n/a through <= 1.2.
CVE-2025-23712	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in kapostintegrations Kapost kapost-byline allows Stored XSS.This issue affects Kapost: from n/a through <= 2.2.9.
CVE-2025-23710	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds flying-twitter-birds allows Stored XSS.This issue affects Flying Twitter Birds: from n/a through <= 1.8.
CVE-2025-23708	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable df-draggable allows Stored XSS.This issue affects DF Draggable: from n/a through <= 1.13.2.
CVE-2025-23703	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in cstoltenkamp Free MailClient FMC mailclient allows Stored XSS.This issue affects Free MailClient FMC: from n/a through <= 1.0.
CVE-2025-23702	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links anonymize-links allows Stored XSS.This issue affects Anonymize Links: from n/a through <= 1.1.
CVE-2025-23698	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ivanra10 WP Custom Google Search wp-custom-google-search allows Stored XSS.This issue affects WP Custom Google Search: from n/a through <= 1.0.
CVE-2025-23694	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in shabboscommerce Shabbos and Yom Tov shabbos-and-yom-tov allows Stored XSS.This issue affects Shabbos and Yom Tov: from n/a through <= 1.9.
CVE-2025-23693	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in uosiu Secure CAPTCHA secure-captcha allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through <= 1.2.
CVE-2025-23692	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in artanik Slider for Writers slider-for-writers allows Stored XSS.This issue affects Slider for Writers: from n/a through <= 1.3.
CVE-2025-23691	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino Send to Twitter send-to-twitter allows Stored XSS.This issue affects Send to Twitter: from n/a through <= 1.7.2.
CVE-2025-23690	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place book-a-place allows Stored XSS.This issue affects Book a Place: from n/a through <= 0.7.1.
CVE-2025-23677	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in DSmidge HTTP to HTTPS link changer by Eyga.net https-links-in-content allows Stored XSS.This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through <= 0.2.4.
CVE-2025-23675	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS.This issue affects Import Users to MailChimp: from n/a through <= 1.0.
CVE-2025-23673	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in dkukral Email on Publish email-on-publish allows Stored XSS.This issue affects Email on Publish: from n/a through <= 1.5.
CVE-2025-23665	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Ravi Kumar Vanukuru RSV GMaps rsv-google-maps allows Stored XSS.This issue affects RSV GMaps: from n/a through <= 1.5.
CVE-2025-23664	Hig	0.46	7.1	Jan 16, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through <= 2.0.5.

CVE-2025-23720HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS.This issue affects Web Push: from n/a through <= 1.4.0.
CVE-2025-23717HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in itmooti Theme My Ontraport Smartform theme-my-ontraport-smartform allows Stored XSS.This issue affects Theme My Ontraport Smartform: from n/a through <= 1.2.11.
CVE-2025-23715HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through <= 0.1.1.
CVE-2025-23713HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in artanik Hack me if you can hack-me-if-you-can allows Stored XSS.This issue affects Hack me if you can: from n/a through <= 1.2.
CVE-2025-23712HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in kapostintegrations Kapost kapost-byline allows Stored XSS.This issue affects Kapost: from n/a through <= 2.2.9.
CVE-2025-23710HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds flying-twitter-birds allows Stored XSS.This issue affects Flying Twitter Birds: from n/a through <= 1.8.
CVE-2025-23708HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable df-draggable allows Stored XSS.This issue affects DF Draggable: from n/a through <= 1.13.2.
CVE-2025-23703HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in cstoltenkamp Free MailClient FMC mailclient allows Stored XSS.This issue affects Free MailClient FMC: from n/a through <= 1.0.
CVE-2025-23702HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links anonymize-links allows Stored XSS.This issue affects Anonymize Links: from n/a through <= 1.1.
CVE-2025-23698HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ivanra10 WP Custom Google Search wp-custom-google-search allows Stored XSS.This issue affects WP Custom Google Search: from n/a through <= 1.0.
CVE-2025-23694HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in shabboscommerce Shabbos and Yom Tov shabbos-and-yom-tov allows Stored XSS.This issue affects Shabbos and Yom Tov: from n/a through <= 1.9.
CVE-2025-23693HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in uosiu Secure CAPTCHA secure-captcha allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through <= 1.2.
CVE-2025-23692HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in artanik Slider for Writers slider-for-writers allows Stored XSS.This issue affects Slider for Writers: from n/a through <= 1.3.
CVE-2025-23691HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino Send to Twitter send-to-twitter allows Stored XSS.This issue affects Send to Twitter: from n/a through <= 1.7.2.
CVE-2025-23690HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place book-a-place allows Stored XSS.This issue affects Book a Place: from n/a through <= 0.7.1.
CVE-2025-23677HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in DSmidge HTTP to HTTPS link changer by Eyga.net https-links-in-content allows Stored XSS.This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through <= 0.2.4.
CVE-2025-23675HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS.This issue affects Import Users to MailChimp: from n/a through <= 1.0.
CVE-2025-23673HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in dkukral Email on Publish email-on-publish allows Stored XSS.This issue affects Email on Publish: from n/a through <= 1.5.
CVE-2025-23665HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ravi Kumar Vanukuru RSV GMaps rsv-google-maps allows Stored XSS.This issue affects RSV GMaps: from n/a through <= 1.5.
CVE-2025-23664HigJan 16, 2025
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through <= 2.0.5.