CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 9 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58013 | Hig | 0.57 | 8.8 | 0.00 | Sep 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 4.5.0. | ||
| CVE-2025-58833 | Hig | 0.57 | 8.8 | 0.00 | Sep 5, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1. | ||
| CVE-2025-49399 | Hig | 0.57 | 8.8 | 0.00 | Aug 20, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3. | ||
| CVE-2025-49382 | Hig | 0.57 | 8.8 | 0.00 | Aug 20, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation.This issue affects JobZilla - Job Board WordPress Theme: from n/a through <= 2.0. | ||
| CVE-2025-53587 | Hig | 0.57 | 8.8 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery.This issue affects Findgo: from n/a through <= 1.3.57. | ||
| CVE-2024-53946 | Hig | 0.57 | 8.8 | 0.01 | Aug 14, 2025 | The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection… | ||
| CVE-2020-9322 | Hig | 0.57 | 8.8 | 0.00 | Aug 8, 2025 | The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO. | ||
| CVE-2025-53483 | Hig | 0.57 | 8.8 | 0.00 | Jul 4, 2025 | ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X… | ||
| CVE-2025-53277 | Hig | 0.57 | 8.8 | 0.00 | Jun 27, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion weblizar-companion allows Object Injection.This issue affects IS-theme-companion: from n/a through <= 1.59. | ||
| CVE-2025-52825 | Hig | 0.57 | 8.8 | 0.00 | Jun 20, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Privilege Escalation.This issue affects Real Estate Manager: from n/a through <= 7.3. | ||
| CVE-2025-41661 | — | Hig | 0.57 | 8.8 | 0.00 | Jun 11, 2025 | An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection. | |
| CVE-2025-32310 | Hig | 0.57 | 8.8 | 0.00 | May 16, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation.This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <= 1.0.15. | ||
| CVE-2025-47462 | Hig | 0.57 | 8.8 | 0.00 | May 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WebAppick Challan webappick-pdf-invoice-for-woocommerce allows Privilege Escalation.This issue affects Challan: from n/a through <= 3.7.58. | ||
| CVE-2024-11142 | Hig | 0.57 | 8.8 | 0.00 | May 2, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05. | ||
| CVE-2025-31038 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Privilege Escalation.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1. | ||
| CVE-2025-31036 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WPSOLR WPSolr wpsolr-free allows Privilege Escalation.This issue affects WPSolr: from n/a through <= 24.0. | ||
| CVE-2025-31023 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags seo-meta-tags allows Cross Site Request Forgery.This issue affects Seo Meta Tags: from n/a through <= 1.4. | ||
| CVE-2024-11071 | Hig | 0.57 | 8.8 | 0.00 | Apr 7, 2025 | Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON… | ||
| CVE-2025-2319 | Hig | 0.57 | 8.8 | 0.00 | Mar 25, 2025 | The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for… | ||
| CVE-2024-8489 | Hig | 0.57 | 8.8 | 0.00 | Mar 20, 2025 | A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an… |
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 4.5.0.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation.This issue affects JobZilla - Job Board WordPress Theme: from n/a through <= 2.0.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery.This issue affects Findgo: from n/a through <= 1.3.57.
- risk 0.57cvss 8.8epss 0.01
The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection…
- risk 0.57cvss 8.8epss 0.00
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATH_INFO.
- risk 0.57cvss 8.8epss 0.00
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X…
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Infigo Software IS-theme-companion weblizar-companion allows Object Injection.This issue affects IS-theme-companion: from n/a through <= 1.59.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Privilege Escalation.This issue affects Real Estate Manager: from n/a through <= 7.3.
- risk 0.57cvss 8.8epss 0.00
An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal - Appointment Booking Calendar for WordPress quickcal allows Privilege Escalation.This issue affects QuickCal - Appointment Booking Calendar for WordPress: from n/a through <= 1.0.15.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WebAppick Challan webappick-pdf-invoice-for-woocommerce allows Privilege Escalation.This issue affects Challan: from n/a through <= 3.7.58.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Privilege Escalation.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WPSOLR WPSolr wpsolr-free allows Privilege Escalation.This issue affects WPSolr: from n/a through <= 24.0.
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags seo-meta-tags allows Cross Site Request Forgery.This issue affects Seo Meta Tags: from n/a through <= 1.4.
- risk 0.57cvss 8.8epss 0.00
Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON…
- risk 0.57cvss 8.8epss 0.00
The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for…
- risk 0.57cvss 8.8epss 0.00
A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an…