Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-43299 MEDIUM

Softaculous Team SpeedyCache - CSRF

CVE-2024-43295 MEDIUM

Passionate Programmers B.V. WP Data Access <5.5.7 - CSRF

CVE-2024-43287 MEDIUM

Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.82 - Cross-Site Request Forgery

CVE-2024-43269 MEDIUM

WPBackItUp Backup and Restore WordPress < 1.50 - Cross-Site Request Forgery

CVE-2024-43265 MEDIUM

Analytify < 5.3.1 - Cross-Site Request Forgery

CVE-2024-43255 HIGH

Stormhill Media MyBookTable <3.3.9 - CSRF/XSS

CVE-2024-43117 MEDIUM

Hummingbird <= 3.9.1 - Cross-Site Request Forgery

CVE-2024-43116 MEDIUM

Simple Local Avatars <2.7.10 - CSRF

CVE-2024-39657 MEDIUM

Sender - Newsletter, SMS and Email Marketing Automation for WooCommerce <= 2.6.18 - Cross-Site Request Forgery

CVE-2024-39645 MEDIUM

Themeum Tutor LMS <= 2.7.2 - Cross-Site Request Forgery

CVE-2024-39641 MEDIUM

LearnPress <= 4.2.6.8.2 - Cross-Site Request Forgery

CVE-2024-39628 MEDIUM

Ninja Forms < 3.8.6 - Cross-Site Request Forgery

CVE-2024-42792 LOW

Kashipara Music Management System <1.0 - CSRF

CVE-2024-8120 MEDIUM

ImageRecycle pdf & image compression plugin <3.1.14 - CSRF

CVE-2024-7568 CRITICAL

Favicon Generator <= 1.5 - Cross-Site Request Forgery via output_sub_admin_page_0 Function

CVE-2024-42764 CRITICAL

Kashipara Bus Ticket Reservation System v1.0 - CSRF

CVE-2024-42768 MEDIUM

Kashipara Hotel Management System v1.0 - CSRF

CVE-2024-43787 MEDIUM

Hono < 4.5.8 - Cross-Site Request Forgery Bypass via Crafted Content-Type Header

CVE-2024-39744 MEDIUM

IBM Sterling Connect:Direct Web Services 6.0-6.3 - Cross-Site Request Forgery

CVE-2024-40886 MEDIUM

Mattermost <9.9.1, <9.5.7, <9.10.0, <9.8.2 - Path Traversal

CVE-2024-42056 MEDIUM

Retool 3.18.1-3.40.0 - Authenticated Credential Exposure via Resources Endpoint

CVE-2024-20486 MEDIUM

Cisco Identity Services Engine - Cross-Site Request Forgery

CVE-2024-7647 MEDIUM

OTA Sync Booking Engine Widget <= 1.2.7 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-42619 HIGH

Pligg CMS 2.0.2 - Cross-Site Request Forgery via Domain Management Endpoint

CVE-2024-42612 HIGH

Pligg CMS 2.0.2 - Cross-Site Request Forgery via Domain Whitelist Addition

Previous Page 114 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy