CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352
CVE-2026-49043 MEDIUM
WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 4.7
CVE-2026-48518 MEDIUM
MultiJuicer: Login CSRF allows attacker to force victims into their team
CVSS 4.3
CVE-2026-49396 HIGH
Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents
CVSS 7.1
CVE-2026-54359 HIGH
MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default
CVE-2026-48612 HIGH
phpBB < 3.3.16 - Cross-Site Request Forgery (CSRF)
CVSS 8.0
CVE-2026-53739 MEDIUM
Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice
CVSS 4.3
CVE-2026-53736 MEDIUM
Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action
CVSS 4.3
CVE-2026-39170 MEDIUM
SemCms 5.0 - Cross-Site Request Forgery via /admin/semcms_user.php
CVSS 6.3
CVE-2026-8940 MEDIUM
WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update
CVSS 4.3
CVE-2026-8910 MEDIUM
WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter
CVSS 6.1
CVE-2026-8909 MEDIUM
WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action
CVSS 4.3
CVE-2026-8907 MEDIUM
WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter
CVSS 6.1
CVE-2026-8904 MEDIUM
FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save
CVSS 4.3
CVE-2026-8902 MEDIUM
AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update
CVSS 4.3
CVE-2026-10553 MEDIUM
jQuery Hover Footnotes <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update
CVSS 4.3
CVE-2026-9719 MEDIUM
LatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status Action
CVSS 4.3
CVE-2026-7047 MEDIUM
Frontend User Notes <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification via 'confirmEdit' Action
CVSS 4.3
CVE-2026-11270 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Crafted HTML Page
CVSS 6.5
CVE-2026-11265 HIGH
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Autofill
CVSS 7.5
CVE-2026-11214 MEDIUM
Chrome for iOS < 149.0.7827.53 - Cross-Origin Data Leak via Crafted HTML Page
CVSS 6.5
CVE-2026-11200 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via WebRTC
CVSS 6.5
CVE-2026-11195 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via MHTML
CVSS 6.5
CVE-2026-11194 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Network Implementation
CVSS 6.5
CVE-2026-11156 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via CSS Implementation
CVSS 4.3
CVE-2026-11155 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via CSS
CVSS 4.3