Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-5003 MEDIUM

WP Stacker < 1.8.5 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-2288 HIGH

lollms_web_ui < 9.3 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Profile Picture Upload

CVE-2024-1879 HIGH

autogpt_classic v0.5.0 - Cross-Site Request Forgery via Unprotected API Endpoint

CVE-2024-36670 HIGH

idccms v1.35 - Cross-Site Request Forgery via admin/vpsClass_deal.php?mudi=del

CVE-2024-36669 HIGH

idccms v1.35 - Cross-Site Request Forgery via admin/type_deal.php?mudi=add

CVE-2024-36668 HIGH

idccms v1.35 - Cross-Site Request Forgery via admin/type_deal.php?mudi=del

CVE-2024-36667 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/idcProType_deal.php

CVE-2024-35673 MEDIUM

Pure Chat by Ruby Pure Chat <= 2.22 - Cross-Site Request Forgery

CVE-2024-2368 MEDIUM

Mollie Forms <= 2.6.13 - Cross-Site Request Forgery via duplicateForm() Function

CVE-2024-36550 HIGH

idccms V1.35 - Cross-Site Request Forgery via /admin/vpsCompany_deal.php

CVE-2024-36549 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/vpsCompany_deal.php

CVE-2024-36548 HIGH

idccms V1.35 - Cross-Site Request Forgery via admin/vpsCompany_deal.php?mudi=del

CVE-2024-36547 HIGH

idccms V1.35 - Cross-Site Request Forgery via admin/vpsClass_deal.php

CVE-2024-35632 MEDIUM

Integration for Contact Form 7 and Constant Contact < 1.1.5 - Cross-Site Request Forgery

CVE-2024-35638 MEDIUM

JumpDEMAND Inc. ActiveDEMAND - CSRF

CVE-2024-4344 MEDIUM

Shield Security < 19.1.13 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-35636 MEDIUM

Uploadcare File Uploader and Adaptive Delivery (beta) < 3.0.11 - Cross-Site Request Forgery

CVE-2024-34008 HIGH

Moodle 4.0-4.3.3 - Cross-Site Request Forgery in Analytics Model Management

CVE-2024-34007 HIGH

Moodle 4.3.0-4.3.3 - Cross-Site Request Forgery in MFA Logout

CVE-2024-34001 HIGH

moodle <4.1.10 and 4.3.0-4.3.4 - Cross-Site Request Forgery in Admin Preset Tool

CVE-2024-4426 MEDIUM

Comparison Slider <= 1.0.5 - Cross-Site Request Forgery via AJAX Action Nonce Bypass

CVE-2024-4218 MEDIUM

AffiEasy <= 1.1.6 - Cross-Site Request Forgery

CVE-2024-3947 MEDIUM

Delower WP TO DO < 1.3.0 - CSRF

CVE-2024-3945 MEDIUM

Delower WP TO DO < 1.3.0 - CSRF

CVE-2024-3943 MEDIUM

Delower WP TO DO < 1.3.0 - CSRF

Previous Page 124 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy