VYPR

CWE-352

Cross-Site Request Forgery (CSRF)

CompoundStableLikelihood: Medium

Description

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62

CVEs mapped to this weakness (5,713)

page 96 of 286
  • CVE-2024-24843HigFeb 21, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8.

  • CVE-2024-22290HigJan 31, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.

  • CVE-2024-22287HigJan 31, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).This issue affects Better Anchor Links: from n/a through 1.7.5.

  • CVE-2022-41990HigJan 17, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.

  • CVE-2023-48278HigNov 30, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.

  • CVE-2023-36682HigNov 30, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US LLC Schema Pro allows Cross Site Request Forgery.This issue affects Schema Pro: from n/a through 2.7.7.

  • CVE-2023-33333HigNov 30, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Scripting (XSS).This issue affects Complianz: from n/a through 6.4.4; Complianz Premium: from n/a through 6.4.6.1.

  • CVE-2023-47550HigNov 14, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations allows Stored XSS.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

  • CVE-2023-31230HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2.

  • CVE-2023-39166HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.

  • CVE-2023-40335HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cleverwise Daily Quotes allows Stored XSS.This issue affects Cleverwise Daily Quotes: from n/a through 3.2.

  • CVE-2023-47652HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS.This issue affects Auto Affiliate Links: from n/a through 6.4.2.4.

  • CVE-2023-47516HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS.This issue affects Category Post List Widget: from n/a through 2.0.

  • CVE-2023-46634HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS).This issue affects Custom My Account for Woocommerce: from n/a through 2.1.

  • CVE-2023-47182HigNov 6, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions.

  • CVE-2023-2079HigJul 11, 2023
    risk 0.46cvss 7.1epss 0.00

    The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it…

  • CVE-2023-0870HigMar 22, 2023
    risk 0.46cvss 8.1epss 0.00

    A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon…

  • CVE-2023-0554HigJan 27, 2023
    risk 0.46cvss 8.1epss 0.00

    The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu…

  • CVE-2022-23601HigFeb 1, 2022
    risk 0.46cvss 8.1epss 0.01

    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the…

  • CVE-2021-25976HigNov 16, 2021
    risk 0.46cvss 8.1epss 0.00

    In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.