CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,557)

page 63 of 228

CVE	Sev	Risk	CVSS	Published	Description
CVE-2024-53717	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in yonisink yPHPlista yphplista allows Stored XSS.This issue affects yPHPlista: from n/a through <= 1.1.1.
CVE-2024-53716	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top wp-auto-top allows Stored XSS.This issue affects wp auto top: from n/a through <= 2.9.3.
CVE-2024-53715	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map simple-travel-map allows Stored XSS.This issue affects Simple Travel Map: from n/a through <= 0.1.
CVE-2024-53714	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Continue Shopping From Cart continue-shopping-from-cart-page allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a through <= 1.3.
CVE-2024-53713	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in rickota Silverlight Video Player smooth-streaming-player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through <= 1.0.
CVE-2024-53712	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in kevmimcc Kevin's kevins-plugin allows Stored XSS.This issue affects Kevin's: from n/a through <= 2.0.0.
CVE-2024-53711	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in tranchesdunet Hotlink2Watermark hotlink2watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through <= 0.3.2.
CVE-2024-53710	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS.This issue affects ITERAS: from n/a through <= 1.8.0.
CVE-2024-52477	Hig	0.46	7.1	Dec 2, 2024	Cross-Site Request Forgery (CSRF) vulnerability in docxpresso Document & Data Automation document-data-automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through <= 1.6.1.
CVE-2024-53750	Hig	0.46	7.1	Dec 1, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.
CVE-2024-53778	Hig	0.46	7.1	Nov 30, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1.
CVE-2024-53736	Hig	0.46	7.1	Nov 28, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars custom-shortcode-sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through <= 1.2.
CVE-2024-53734	Hig	0.46	7.1	Nov 28, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Jamie O Idealien Category Enhancements idealien-category-enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through <= 1.2.
CVE-2024-53732	Hig	0.46	7.1	Nov 28, 2024	Cross-Site Request Forgery (CSRF) vulnerability in wpwox Footer Flyout Widget footer-flyout-widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through <= 1.1.
CVE-2024-52421	Hig	0.46	7.1	Nov 19, 2024	Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through <= 2.0.
CVE-2024-52388	Hig	0.46	7.1	Nov 19, 2024	Cross-Site Request Forgery (CSRF) vulnerability in mikeage Hebrew Date hebrewdates allows Stored XSS.This issue affects Hebrew Date: from n/a through <= 2.1.0.
CVE-2024-51657	Hig	0.46	7.1	Nov 19, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs smartlink-dinamic-urls allows Stored XSS.This issue affects SmartLink Dynamic URLs: from n/a through <= 1.1.0.
CVE-2024-51656	Hig	0.46	7.1	Nov 19, 2024	Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box flash-show-and-hide-box allows Stored XSS.This issue affects Flash Show And Hide Box: from n/a through <= 1.6.
CVE-2024-51655	Hig	0.46	7.1	Nov 19, 2024	Cross-Site Request Forgery (CSRF) vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through <= 2.0.1.
CVE-2024-51654	Hig	0.46	7.1	Nov 19, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Eric Allen APK Downloader apk-downloader allows Stored XSS.This issue affects APK Downloader: from n/a through <= 1.0.0.

CVE-2024-53717HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in yonisink yPHPlista yphplista allows Stored XSS.This issue affects yPHPlista: from n/a through <= 1.1.1.
CVE-2024-53716HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top wp-auto-top allows Stored XSS.This issue affects wp auto top: from n/a through <= 2.9.3.
CVE-2024-53715HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map simple-travel-map allows Stored XSS.This issue affects Simple Travel Map: from n/a through <= 0.1.
CVE-2024-53714HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Continue Shopping From Cart continue-shopping-from-cart-page allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a through <= 1.3.
CVE-2024-53713HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in rickota Silverlight Video Player smooth-streaming-player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through <= 1.0.
CVE-2024-53712HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in kevmimcc Kevin's kevins-plugin allows Stored XSS.This issue affects Kevin's: from n/a through <= 2.0.0.
CVE-2024-53711HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in tranchesdunet Hotlink2Watermark hotlink2watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through <= 0.3.2.
CVE-2024-53710HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS.This issue affects ITERAS: from n/a through <= 1.8.0.
CVE-2024-52477HigDec 2, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in docxpresso Document & Data Automation document-data-automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through <= 1.6.1.
CVE-2024-53750HigDec 1, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.
CVE-2024-53778HigNov 30, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1.
CVE-2024-53736HigNov 28, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars custom-shortcode-sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through <= 1.2.
CVE-2024-53734HigNov 28, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jamie O Idealien Category Enhancements idealien-category-enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through <= 1.2.
CVE-2024-53732HigNov 28, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wpwox Footer Flyout Widget footer-flyout-widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through <= 1.1.
CVE-2024-52421HigNov 19, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through <= 2.0.
CVE-2024-52388HigNov 19, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in mikeage Hebrew Date hebrewdates allows Stored XSS.This issue affects Hebrew Date: from n/a through <= 2.1.0.
CVE-2024-51657HigNov 19, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs smartlink-dinamic-urls allows Stored XSS.This issue affects SmartLink Dynamic URLs: from n/a through <= 1.1.0.
CVE-2024-51656HigNov 19, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box flash-show-and-hide-box allows Stored XSS.This issue affects Flash Show And Hide Box: from n/a through <= 1.6.
CVE-2024-51655HigNov 19, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through <= 2.0.1.
CVE-2024-51654HigNov 19, 2024
risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Eric Allen APK Downloader apk-downloader allows Stored XSS.This issue affects APK Downloader: from n/a through <= 1.0.0.