Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2026-32443 MEDIUM

Product Feed PRO for WooCommerce <=13.5.2 - CSRF

CVE-2026-32420 MEDIUM

GamiPress <= 7.6.6 - Cross-Site Request Forgery

CVE-2026-32344 MEDIUM

Corpiva <= 1.0.96 - Cross-Site Request Forgery

CVE-2026-32343 MEDIUM

Magazine3 Easy Table of Contents <=2.0.80 - CSRF

CVE-2026-32342 MEDIUM

Ays Pro Quiz Maker <=6.7.1.2 - CSRF

CVE-2026-32330 MEDIUM

10Web Photo Gallery <=1.8.37 - CSRF

CVE-2026-32328 MEDIUM

Lemmony < 1.7.1 - Cross-Site Request Forgery

CVE-2026-22215 MEDIUM

wpDiscuz < 7.6.47 - Cross-Site Request Forgery in getFollowsPage Function

CVE-2026-22202 HIGH

wpDiscuz < 7.6.47 - Cross-Site Request Forgery via Destructive GET Action

CVE-2026-31954 NONE

emlog < 2.6.6 - Cross-Site Request Forgery via Asynchronous Delete Action

CVE-2026-30868 MEDIUM

OPNsense < 26.1.4 - Authenticated Cross-Site Request Forgery via MVC API GET Endpoints

CVE-2026-3903 MEDIUM

Modular DS WordPress Plugin <2.5.1 - CSRF

CVE-2026-2626 HIGH

Divi-Booster <5.0.2 - CSRF & Object Injection

CVE-2026-2324 MEDIUM

LatePoint Calendar Booking Plugin <5.2.7 - CSRF

CVE-2026-29113 MEDIUM

Craft CMS 4.0.0-4.17.3 - Cross-Site Request Forgery via Preview Token Endpoint

CVE-2026-28495 CRITICAL

GetSimple CMS < 3.3.22 - Unauthenticated Remote Code Execution via CSRF in gsconfig Editor

CVE-2026-28281 HIGH

InstantCMS < 2.18.1 - Cross-Site Request Forgery

CVE-2026-1508 MEDIUM

Court Reservation WordPress Plugin < 1.10.9 - Cross-Site Request Forgery via Event Deletion

CVE-2026-3770 MEDIUM

SourceCodester Computer Laboratory Management System 1.0 - Cross-Site Request Forgery

CVE-2026-29784 HIGH

Ghost 5.101.6-6.19.2 - Cross-Site Request Forgery via Session Verification

CVE-2026-1087 MEDIUM

Guardian News Feed Plugin <1.2 - CSRF

CVE-2026-1086 MEDIUM

WordPress Font Pairing Preview - CSRF

CVE-2026-1085 MEDIUM

True Ranker WordPress Plugin <2.2.9 - CSRF

CVE-2026-1073 MEDIUM

Purchase Button For Affiliate Link <1.0.2 - CSRF

CVE-2026-2494 MEDIUM

ProfileGrid WordPress Plugin <=5.9.8.2 - CSRF

Previous Page 12 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy