CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 60 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2024-54423	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through <= 1.1.
CVE-2024-54421	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Sanjay_Negi Floating Video Player floating-player allows Stored XSS.This issue affects Floating Video Player: from n/a through <= 1.0.
CVE-2024-54420	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Novikov Metrika metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through <= 1.2.
CVE-2024-54416	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Wp Login with Ajax wp-login-with-ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through <= 0.6.
CVE-2024-54415	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in cconoly WP-HideThat wp-hide-that allows Stored XSS.This issue affects WP-HideThat: from n/a through <= 1.2.
CVE-2024-54414	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through <= 2.4.4.
CVE-2024-54413	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through <= 0.2.3.
CVE-2024-54412	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Product Carousel ect-product-carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through <= 1.9.
CVE-2024-54411	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in hosting.io WP Controller wp-management-controller allows Stored XSS.This issue affects WP Controller: from n/a through <= 3.2.0.
CVE-2024-54410	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in eagerterrier SOPA Blackout sopa-blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through <= 1.4.
CVE-2024-54409	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in fzmaster XPD Reduce Image Filesize xpd-reduce-image-filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through <= 1.0.
CVE-2024-54407	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through <= 3.4.2.
CVE-2024-54405	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Social Share ect-social-share allows Stored XSS.This issue affects ECT Social Share: from n/a through <= 1.3.
CVE-2024-54404	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar mdc-comment-toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through <= 1.1.
CVE-2024-54401	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through <= 1.1.1.
CVE-2024-54400	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in meloniq AppMaps appmaps allows Stored XSS.This issue affects AppMaps: from n/a through <= 1.1.
CVE-2024-54399	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through <= 1.0.2.
CVE-2024-54398	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through <= 1.0.1.
CVE-2024-54397	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in antonio.gocaj Go Animate goanimate allows Stored XSS.This issue affects Go Animate: from n/a through <= 1.0.
CVE-2024-54394	Hig	0.46	7.1	Dec 16, 2024	Cross-Site Request Forgery (CSRF) vulnerability in khubbaib Mandrill WP email-form-under-post allows Stored XSS.This issue affects Mandrill WP: from n/a through <= 1.0.5.

CVE-2024-54423HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through <= 1.1.
CVE-2024-54421HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Sanjay_Negi Floating Video Player floating-player allows Stored XSS.This issue affects Floating Video Player: from n/a through <= 1.0.
CVE-2024-54420HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Novikov Metrika metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through <= 1.2.
CVE-2024-54416HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Wp Login with Ajax wp-login-with-ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through <= 0.6.
CVE-2024-54415HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in cconoly WP-HideThat wp-hide-that allows Stored XSS.This issue affects WP-HideThat: from n/a through <= 1.2.
CVE-2024-54414HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through <= 2.4.4.
CVE-2024-54413HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through <= 0.2.3.
CVE-2024-54412HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Product Carousel ect-product-carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through <= 1.9.
CVE-2024-54411HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in hosting.io WP Controller wp-management-controller allows Stored XSS.This issue affects WP Controller: from n/a through <= 3.2.0.
CVE-2024-54410HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in eagerterrier SOPA Blackout sopa-blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through <= 1.4.
CVE-2024-54409HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in fzmaster XPD Reduce Image Filesize xpd-reduce-image-filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through <= 1.0.
CVE-2024-54407HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through <= 3.4.2.
CVE-2024-54405HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Social Share ect-social-share allows Stored XSS.This issue affects ECT Social Share: from n/a through <= 1.3.
CVE-2024-54404HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar mdc-comment-toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through <= 1.1.
CVE-2024-54401HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through <= 1.1.1.
CVE-2024-54400HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in meloniq AppMaps appmaps allows Stored XSS.This issue affects AppMaps: from n/a through <= 1.1.
CVE-2024-54399HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through <= 1.0.2.
CVE-2024-54398HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through <= 1.0.1.
CVE-2024-54397HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in antonio.gocaj Go Animate goanimate allows Stored XSS.This issue affects Go Animate: from n/a through <= 1.0.
CVE-2024-54394HigDec 16, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in khubbaib Mandrill WP email-form-under-post allows Stored XSS.This issue affects Mandrill WP: from n/a through <= 1.0.5.