Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-36076 HIGH

SysReptor 2024.28-2024.30 - Cross-Site WebSocket Hijacking

CVE-2024-5097 MEDIUM

Simple Inventory System 1.0 - Cross-Site Request Forgery via itemnumber Parameter

CVE-2024-23554 MEDIUM

HCL BigFix Platform 9.5-9.5.24 - Cross-Site Request Forgery

CVE-2024-34809 MEDIUM

EmpowerWP <= 1.0.21 - Cross-Site Request Forgery

CVE-2024-34807 MEDIUM

Fast Custom Social Share by CodeBard <= 1.1.2 - Cross-Site Request Forgery

CVE-2024-34806 MEDIUM

Clearfy Cache < 2.2.1 - Cross-Site Request Forgery

CVE-2024-34756 MEDIUM

Integration for Contact Form 7 HubSpot < 1.3.1 - Cross-Site Request Forgery

CVE-2024-34755 MEDIUM

Integration for Contact Form 7 and Salesforce < 1.3.9 - Cross-Site Request Forgery

CVE-2024-27955 HIGH

WP Automatic < 3.92.0 - Cross-Site Request Forgery

CVE-2024-4204 MEDIUM

Bulk Posts Editing For WordPress <4.2.3 - CSRF

CVE-2024-35039 LOW

idccms V1.35 - Cross-Site Request Forgery via admin/tplSys_deal.php

CVE-2024-34958 MEDIUM

idccms v1.35 - Cross-Site Request Forgery via admin/banner_deal.php?mudi=add

CVE-2024-34957 MEDIUM

idccms v1.35 - Cross-Site Request Forgery via admin/sysImages_deal.php?mudi=infoSet

CVE-2024-3643 HIGH

Newsletter Popup < 1.2 - Cross-Site Request Forgery via List Deletion

CVE-2024-3642 MEDIUM

Newsletter Popup < 1.2 - Cross-Site Request Forgery via Subscriber Deletion

CVE-2024-4929 MEDIUM

SourceCodester Simple Online Bidding System 1.0 - CSRF

CVE-2024-3824 MEDIUM

Base64 Encoder/Decoder WordPress plugin < 0.9.2 - Cross-Site Request Forgery in Settings Reset

CVE-2024-3823 LOW

Base64 Encoder/Decoder WordPress plugin < 0.9.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-3631 MEDIUM

HL Twitter WordPress Plugin <= 2014.1.18 - Cross-Site Request Forgery via Twitter Account Unlinking

CVE-2024-3629 LOW

HL Twitter WordPress Plugin <= 2014.1.18 - Cross-Site Request Forgery in Settings Update

CVE-2024-3407 MEDIUM

WP Prayer < 2.0.9 - Cross-Site Request Forgery

CVE-2024-3406 HIGH

WP Prayer WordPress Plugin < 2.0.9 - Cross-Site Request Forgery in Email Settings Update

CVE-2024-3405 HIGH

WP Prayer < 2.0.9 - Cross-Site Request Forgery in Settings Update

CVE-2024-35109 MEDIUM

idccms v1.35 - Cross-Site Request Forgery via /homePro_deal.php

CVE-2024-35108 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/homePro_deal.php

Previous Page 126 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy