VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 63 of 286
  • CVE-2025-62945HigOct 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= 1.0.30.

  • CVE-2025-62934HigOct 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through <= 1.4.

  • CVE-2025-62933HigOct 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.

  • CVE-2025-62896HigOct 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5.

  • CVE-2025-62886HigOct 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through <= 1.5.3.

  • CVE-2025-62005HigOct 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.

  • CVE-2025-60168HigOct 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through <= 1.6.

  • CVE-2025-60132HigOct 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Stored XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2.

  • CVE-2025-59845HigSep 26, 2025
    risk 0.46cvss 8.2epss 0.00

    Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability…

  • CVE-2025-60173HigSep 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce gst-for-woocommerce allows Stored XSS.This issue affects GST for WooCommerce: from n/a through <= 2.0.

  • CVE-2025-60172HigSep 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital flytedesk-digital allows Stored XSS.This issue affects Flytedesk Digital: from n/a through <= 20181101.

  • CVE-2025-60171HigSep 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a…

  • CVE-2025-60170HigSep 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker htaccess-ip-blocker allows Stored XSS.This issue affects HTACCESS IP Blocker: from n/a through <= 1.0.

  • CVE-2025-60169HigSep 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM w3s-cf7-zoho allows Stored XSS.This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through <= 3.2.

  • CVE-2025-60164HigSep 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp newsmanapp allows Stored XSS.This issue affects NewsmanApp: from n/a through <= 2.7.7.

  • CVE-2025-58956HigSep 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS.This issue affects WP Attractive Donations System: from n/a through < 1.29.

  • CVE-2025-58688HigSep 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support the-casengo-chat-widget allows Stored XSS.This issue affects Casengo Live Chat Support: from n/a through <= 2.1.4.

  • CVE-2025-58687HigSep 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through <= 1.6.

  • CVE-2025-58677HigSep 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews shrinktheweb-website-preview-plugin allows Stored XSS.This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through <= 2.8.5.

  • CVE-2025-58676HigSep 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER horizontal-slider allows Stored XSS.This issue affects HORIZONTAL SLIDER: from n/a through <= 2.4.