Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-1407 MEDIUM

Paid Memberships Pro < 2.12.10 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-5343 HIGH

Rbs Image Gallery plugin <3.2.19 - CSRF

CVE-2024-4541 MEDIUM

Custom Product List Table <3.0.0 - CSRF

CVE-2024-38276 HIGH

Product <Version - CSRF

CVE-2024-38457 HIGH

XenForo < 2.2.16 - Cross-Site Request Forgery

CVE-2024-5551 HIGH

WP STAGING Pro WordPress Backup Plugin <= 5.6.0 - Cross-Site Request Forgery via 'sub' Parameter

CVE-2024-5155 MEDIUM

Inquiry cart WordPress plugin <= 3.4.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-4751 MEDIUM

WP Prayer II < 2.4.7 - Cross-Site Request Forgery in Settings Update

CVE-2024-4480 MEDIUM

WP Prayer II < 2.4.7 - Cross-Site Request Forgery in Email Settings Update

CVE-2024-3993 MEDIUM

AZAN Plugin WordPress < 0.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-3972 MEDIUM

Similarity WordPress Plugin < 3.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-3971 MEDIUM

Similarity WordPress Plugin < 3.0 - Cross-Site Request Forgery via Settings Reset

CVE-2024-3965 MEDIUM

Pray For Me < 1.0.4 - Cross-Site Request Forgery in Settings Update

CVE-2024-0892 MEDIUM

Schema App Structured Data <2.2.0 - CSRF

CVE-2024-37306 HIGH

CVAT 2.2.0-2.14.3 - Cross-Site Request Forgery via Dataset Export or Backup

CVE-2024-38293 CRITICAL

alcasar < 3.6.1 - Cross-Site Request Forgery and Remote Code Execution in activity.php

CVE-2024-35207 HIGH

SINEC Traffic Analyzer < 1.2 - Cross-Site Request Forgery

CVE-2024-31612 MEDIUM

emlog pro2.3 - Cross-Site Request Forgery via twitter.php

CVE-2024-31613 MEDIUM

BOSSCMS v3.10 - Cross-Site Request Forgery via head_code or foot_code Parameters

CVE-2024-4403 HIGH

lollms-webui v9.6 - Cross-Site Request Forgery in Restart Program Function

CVE-2024-5786 MEDIUM

Comtrend router WLD71-T1_v2.0.201820 - CSRF

CVE-2024-4328 HIGH

parisneo/lollms_web_ui v9.6 - Cross-Site Request Forgery in clear_personality_files_list

CVE-2024-35657 MEDIUM

Plechev Andrey WP-Recall <16.26.6 - CSRF

CVE-2024-35689 MEDIUM

Analytify < 5.2.3 - Cross-Site Request Forgery

CVE-2024-35684 MEDIUM

10up ElasticPress <= 5.1.1 - Cross-Site Request Forgery

Previous Page 123 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy