Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-41305 MEDIUM

WonderCMS 3.4.3 - Server-Side Request Forgery via pluginThemeUrl

CVE-2024-7226 MEDIUM

SourceCodester Medicine Tracker System 1.0 - Cross-Site Request Forgery in Password Change Handler

CVE-2024-6230 MEDIUM

WordPress plugin <2.9.8 - CSRF

CVE-2024-5808 MEDIUM

WP Ajax Contact Form < 2.2.2 - Cross-Site Request Forgery via Email Deletion

CVE-2024-40815 HIGH

macOS Ventura <13.6.8 - Info Disclosure

CVE-2024-5285 MEDIUM

wp-affiliate-platform < 6.5.2 - Cross-Site Request Forgery in Affiliate Deletion

CVE-2024-7169 MEDIUM

School Fees Payment System 1.0 - Cross-Site Request Forgery via /ajax.php

CVE-2024-7161 MEDIUM

SeaCMS 13.0 - Cross-Site Request Forgery via Password Change Handler

CVE-2024-6490 MEDIUM

Master Slider < 3.10.0 - Cross-Site Request Forgery via Slider Deletion

CVE-2024-7106 MEDIUM

Spina CMS 2.18.0 - Cross-Site Request Forgery via /admin/media_folders

CVE-2024-7065 MEDIUM

Spina CMS < 2.18.0 - Cross-Site Request Forgery in /admin/pages/

CVE-2024-3246 MEDIUM

LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-6751 MEDIUM

Social Auto Poster < 5.3.14 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-6271 MEDIUM

Community Events < 1.5 - Cross-Site Request Forgery via Event Deletion

CVE-2024-6244 HIGH

PZ Frontend Manager < 1.0.6 - Cross-Site Request Forgery

CVE-2024-5804 MEDIUM

Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery via wpcf7cf_admin_init

CVE-2024-41597 MEDIUM

ProcessWire 3.0.229 - Cross-Site Request Forgery via Comments Functionality

CVE-2024-41603 CRITICAL

Spina CMS 2.18.0 - Cross-Site Request Forgery via /admin/layout URI

CVE-2024-41602 HIGH

Spina CMS < 2.18.0 - Cross-Site Request Forgery via Crafted URL

CVE-2024-39090 MEDIUM

PHPGurukul Online Shopping Portal 2.0 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting

CVE-2024-39681 MEDIUM

Cooked < 1.8.0 - Cross-Site Request Forgery via AJAX Action Handler

CVE-2024-39680 MEDIUM

Cooked < 1.8.0 - Cross-Site Request Forgery via AJAX Action Handler

CVE-2024-39679 MEDIUM

Cooked < 1.8.0 - Cross-Site Request Forgery via AJAX Action Handler

CVE-2024-39678 MEDIUM

Cooked < 1.8.0 - Cross-Site Request Forgery via AJAX Action Handler

CVE-2024-40119 HIGH

Nepstech Wifi Router xpon NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 - Cross-Site Request Forgery in Password Change Function

Previous Page 118 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy