Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-48047 MEDIUM

Razon Komar Pal Linked Variation for WooCommerce - CSRF

CVE-2024-48038 MEDIUM

wp-Monalisa <= 6.4 - Cross-Site Request Forgery

CVE-2024-9352 MEDIUM

Forminator Forms < 1.35.1 - Cross-Site Request Forgery via Custom Form Create Module

CVE-2024-9351 MEDIUM

Forminator Forms < 1.35.1 - Cross-Site Request Forgery via Quiz Create Module

CVE-2024-48758 MEDIUM

dingfanzu_cms V1.0 - Cross-Site Request Forgery via doAdminAction.php addPro Parameter

CVE-2024-20421 HIGH

Cisco ATA 190 Series Firmware < 12.0.2 (ATA 191) and < 11.2.5 (ATA 192) - Cross-Site Request Forgery

CVE-2024-45693 HIGH

Apache CloudStack 4.15.1.0-4.18.2.3 and 4.19.0.0-4.19.1.1 - Cross-Site Request Forgery

CVE-2024-8507 HIGH

WordPress File Manager Pro <8.3.9 - CSRF

CVE-2024-9649 MEDIUM

WP ULike < 4.7.4 - Cross-Site Request Forgery via wp_ulike_delete_history_api

CVE-2024-49340 MEDIUM

IBM Watson Studio Local 1.2.3 - Cross-Site Request Forgery

CVE-2024-21202 MEDIUM

Oracle PeopleSoft Enterprise PeopleTools 8.59, 8.60, 8.61 - Cross-Site Request Forgery

CVE-2024-41344 HIGH

CodeIgniter 3.1.13 - Cross-Site Request Forgery

CVE-2024-48913 MEDIUM

Hono < 4.6.5 - CSRF Protection Bypass via Missing Content-Type Header

CVE-2024-48278 MEDIUM

Phpgurukul User Registration & Login and User Management System 3.2 - Cross-Site Request Forgery via Edit Profile

CVE-2024-45737 MEDIUM

Splunk < 9.1.6 - CSRF

CVE-2024-46911 MEDIUM

Apache Roller < 6.1.4 - Cross-Site Request Forgery and Privilege Escalation via Weblog Content Publishing

CVE-2024-6959 HIGH

lollms_web_ui 9.8 - Denial of Service via Malformed Multipart Boundary

CVE-2024-9778 MEDIUM

ImagePress - Image Gallery <= 1.2.2 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-9592 MEDIUM

Easy PayPal Gift Certificate <1.2.3 - CSRF

CVE-2024-8477 MEDIUM

Brevo WordPress plugin <3.1.87 - CSRF

CVE-2024-47828 MEDIUM

ampache < 6.6.0 - Cross-Site Request Forgery via Playlist Deletion

CVE-2024-44028 HIGH

NiceJob < 3.6.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2024-47635 MEDIUM

TinyPNG <= 3.4.3 - Cross-Site Request Forgery

CVE-2024-47846 HIGH

Mediawiki Cargo 3.6.X < 3.6.1 - Cross-Site Request Forgery

CVE-2024-43684 HIGH

Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Cross-Site Request Forgery and Cross-Site Scripting

Previous Page 110 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy