VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 89 of 286
  • CVE-2024-54394HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in khubbaib Mandrill WP email-form-under-post allows Stored XSS.This issue affects Mandrill WP: from n/a through <= 1.0.5.

  • CVE-2024-54393HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle wp-fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through <= 1.0.

  • CVE-2024-54392HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in midoks WP微信机器人 wp-weixin-robot allows Stored XSS.This issue affects WP微信机器人: from n/a through <= 5.3.5.

  • CVE-2024-54391HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in mattwalters WordPress Filter wordpress-filter allows Stored XSS.This issue affects WordPress Filter: from n/a through <= 1.4.1.

  • CVE-2024-54389HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Eduardo addWeather myweather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through <= 2.5.1.

  • CVE-2024-54388HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails multiple-admin-emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through <= 1.0.

  • CVE-2024-54386HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and…

  • CVE-2024-54353HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in wpgear Hack-Info hack-info allows Stored XSS.This issue affects Hack-Info: from n/a through <= 3.17.

  • CVE-2024-54332HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates wp-currency-exchange-rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through <= 1.2.0.

  • CVE-2024-54331HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through <= 1.7.3.

  • CVE-2024-12644HigDec 16, 2024
    risk 0.46cvss 7.1epss 0.00

    The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use…

  • CVE-2024-54351HigDec 13, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Thomas K Landis Fancy Roller Scroller fancy-roller-scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through <= 1.4.0.

  • CVE-2024-54337HigDec 13, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site devrix-dark-site allows Stored XSS.This issue affects DX Dark Site: from n/a through <= 1.0.1.

  • CVE-2024-54226HigDec 9, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS.This issue affects Country Blocker: from n/a through <= 3.2.

  • CVE-2024-54205HigDec 6, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget postman-widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through <= 1.14.

  • CVE-2024-53789HigDec 2, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about advanced-what-should-we-write-about-next allows Stored XSS.This issue affects Advanced What should we write next about: from n/a through <= 1.0.3.

  • CVE-2024-53782HigDec 2, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in cmsaccount Photo Video Store photo-video-store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through <= 21.07.

  • CVE-2024-53781HigDec 2, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through <= 3.0.9.

  • CVE-2024-53780HigDec 2, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in rajeevglocify Load More Posts load-more-posts allows Stored XSS.This issue affects Load More Posts: from n/a through <= 1.5.0.

  • CVE-2024-53779HigDec 2, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in 8bitkid Yahoo! WebPlayer yahoo-media-player allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through <= 2.0.6.