CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

CWE-345

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (4,573)

page 87 of 229

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-31779	WordPress Query Wrangler	Med	0.35	5.4	Apr 1, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Daggerhart Query Wrangler query-wrangler allows Cross Site Request Forgery.This issue affects Query Wrangler: from n/a through <= 1.5.54.
CVE-2025-31588	WordPress Elfsight Testimonials Slider	Med	0.35	5.4	Mar 31, 2025	Cross-Site Request Forgery (CSRF) vulnerability in elfsight Elfsight Testimonials Slider elfsight-testimonials-slider allows Cross Site Request Forgery.This issue affects Elfsight Testimonials Slider: from n/a through <= 1.0.1.
CVE-2025-31457	WordPress Lws Sms	Med	0.35	5.4	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS SMS lws-sms allows Cross Site Request Forgery.This issue affects LWS SMS: from n/a through <= 2.4.1.
CVE-2025-31448	WordPress Simple Trackback Disabler	Med	0.35	5.4	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler simple-trackback-disabler allows Cross Site Request Forgery.This issue affects Simple Trackback Disabler: from n/a through <= 1.4.
CVE-2025-31447	WordPress Nertworks All In One Social Share Tools	Med	0.35	5.4	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks All in One Social Share Tools nertworks-all-in-one-social-share-tools allows Cross Site Request Forgery.This issue affects NertWorks All in One Social Share Tools: from n/a through <= 1.26.
CVE-2025-31439	WordPress Browser Caching With Htaccess	Med	0.35	5.4	Mar 28, 2025	Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery. This issue affects Browser Caching with .htaccess: from 1.2.1 through n/a.
CVE-2025-22634	WordPress Easy Booked	Med	0.35	5.4	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through <= 2.4.5.
CVE-2025-30912	WordPress Float Menu	Med	0.35	5.4	Mar 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery.This issue affects Float menu: from n/a through <= 6.1.2.
CVE-2025-30619	WordPress Speakpipe Voicemail For Websites	Med	0.35	5.4	Mar 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe speakpipe-voicemail-for-websites allows Cross Site Request Forgery.This issue affects SpeakPipe: from n/a through <= 0.2.
CVE-2025-26963	Flowdee Clickwhale	Med	0.35	5.4	Feb 25, 2025	Cross-Site Request Forgery (CSRF) vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.This issue affects ClickWhale: from n/a through <= 2.4.3.
CVE-2025-27340	WordPress F12 Profiler	Med	0.35	5.4	Feb 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Forge12 Interactive GmbH F12-Profiler f12-profiler allows Cross Site Request Forgery.This issue affects F12-Profiler: from n/a through <= 1.3.9.
CVE-2025-25145	WordPress Infusionsoft Web Tracker	Med	0.35	5.4	Feb 7, 2025	Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics infusionsoft-web-tracker allows Cross Site Request Forgery.This issue affects Infusionsoft Analytics: from n/a through <= 2.0.
CVE-2025-25111	WordPress Wp Spell Check	Med	0.35	5.4	Feb 7, 2025	Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check wp-spell-check allows Cross Site Request Forgery.This issue affects WP Spell Check: from n/a through <= 9.21.
CVE-2025-23985	WordPress Dynamic Url Seo	Med	0.35	5.4	Jan 31, 2025	Cross-Site Request Forgery (CSRF) vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Cross Site Request Forgery.This issue affects Dynamic URL SEO: from n/a through <= 1.0.
CVE-2025-24538	WordPress Buddypress Groups Extras	Med	0.35	5.4	Jan 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10.
CVE-2025-24537	WordPress The Events Calendar	Med	0.35	5.4	Jan 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.7.0.
CVE-2025-24533	WordPress ML Slider	Med	0.35	5.4	Jan 27, 2025	Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Cross Site Request Forgery.This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.92.0.
CVE-2025-24724	WordPress Side Menu Lite	Med	0.35	5.4	Jan 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery.This issue affects Side Menu Lite: from n/a through <= 5.3.1.
CVE-2025-24720	WordPress Sticky Buttons	Med	0.35	5.4	Jan 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1.
CVE-2025-24717	Wow Company Modal Window	Med	0.35	5.4	Jan 24, 2025	Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through <= 6.1.4.

CVE-2025-31779MedApr 1, 2025
WordPress
Query Wrangler
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Daggerhart Query Wrangler query-wrangler allows Cross Site Request Forgery.This issue affects Query Wrangler: from n/a through <= 1.5.54.
CVE-2025-31588MedMar 31, 2025
WordPress
Elfsight Testimonials Slider
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in elfsight Elfsight Testimonials Slider elfsight-testimonials-slider allows Cross Site Request Forgery.This issue affects Elfsight Testimonials Slider: from n/a through <= 1.0.1.
CVE-2025-31457MedMar 28, 2025
WordPress
Lws Sms
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS SMS lws-sms allows Cross Site Request Forgery.This issue affects LWS SMS: from n/a through <= 2.4.1.
CVE-2025-31448MedMar 28, 2025
WordPress
Simple Trackback Disabler
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler simple-trackback-disabler allows Cross Site Request Forgery.This issue affects Simple Trackback Disabler: from n/a through <= 1.4.
CVE-2025-31447MedMar 28, 2025
WordPress
Nertworks All In One Social Share Tools
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in nertworks NertWorks All in One Social Share Tools nertworks-all-in-one-social-share-tools allows Cross Site Request Forgery.This issue affects NertWorks All in One Social Share Tools: from n/a through <= 1.26.
CVE-2025-31439MedMar 28, 2025
WordPress
Browser Caching With Htaccess
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery. This issue affects Browser Caching with .htaccess: from 1.2.1 through n/a.
CVE-2025-22634MedMar 27, 2025
WordPress
Easy Booked
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – Appointment Booking and Scheduling Management System for WordPress: from n/a through <= 2.4.5.
CVE-2025-30912MedMar 27, 2025
WordPress
Float Menu
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery.This issue affects Float menu: from n/a through <= 6.1.2.
CVE-2025-30619MedMar 24, 2025
WordPress
Speakpipe Voicemail For Websites
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe speakpipe-voicemail-for-websites allows Cross Site Request Forgery.This issue affects SpeakPipe: from n/a through <= 0.2.
CVE-2025-26963MedFeb 25, 2025
Flowdee
Clickwhale
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.This issue affects ClickWhale: from n/a through <= 2.4.3.
CVE-2025-27340MedFeb 24, 2025
WordPress
F12 Profiler
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Forge12 Interactive GmbH F12-Profiler f12-profiler allows Cross Site Request Forgery.This issue affects F12-Profiler: from n/a through <= 1.3.9.
CVE-2025-25145MedFeb 7, 2025
WordPress
Infusionsoft Web Tracker
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics infusionsoft-web-tracker allows Cross Site Request Forgery.This issue affects Infusionsoft Analytics: from n/a through <= 2.0.
CVE-2025-25111MedFeb 7, 2025
WordPress
Wp Spell Check
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check wp-spell-check allows Cross Site Request Forgery.This issue affects WP Spell Check: from n/a through <= 9.21.
CVE-2025-23985MedJan 31, 2025
WordPress
Dynamic Url Seo
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Cross Site Request Forgery.This issue affects Dynamic URL SEO: from n/a through <= 1.0.
CVE-2025-24538MedJan 27, 2025
WordPress
Buddypress Groups Extras
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Slava Abakumov BuddyPress Groups Extras buddypress-groups-extras allows Cross Site Request Forgery.This issue affects BuddyPress Groups Extras: from n/a through <= 3.6.10.
CVE-2025-24537MedJan 27, 2025
WordPress
The Events Calendar
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.7.0.
CVE-2025-24533MedJan 27, 2025
WordPress
ML Slider
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Cross Site Request Forgery.This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.92.0.
CVE-2025-24724MedJan 24, 2025
WordPress
Side Menu Lite
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery.This issue affects Side Menu Lite: from n/a through <= 5.3.1.
CVE-2025-24720MedJan 24, 2025
WordPress
Sticky Buttons
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons sticky-buttons allows Cross Site Request Forgery.This issue affects Sticky Buttons: from n/a through <= 4.1.1.
CVE-2025-24717MedJan 24, 2025
Wow Company
Modal Window
risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window modal-window allows Cross Site Request Forgery.This issue affects Modal Window: from n/a through <= 6.1.4.