Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-35012 MEDIUM

idccms v1.35 - Cross-Site Request Forgery via /admin/infoType_deal.php

CVE-2024-35011 MEDIUM

idccms v1.35 - Cross-Site Request Forgery via /admin/infoType_deal.php

CVE-2024-35010 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/banner_deal.php

CVE-2024-35009 HIGH

idccms v1.35 - Cross-Site Request Forgery via /admin/share_switch.php

CVE-2024-4689 MEDIUM

ShortPixel Adaptive Images <3.8.3 - CSRF

CVE-2024-4597 MEDIUM

GitLab 16.7-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Cross-Site Request Forgery via SAML Session

CVE-2024-4463 MEDIUM

Squelch Tabs and Accordions Shortcodes <0.4.7 - CSRF

CVE-2024-4314 MEDIUM

Hostel <= 1.1.5.3 - Cross-Site Request Forgery via Room Management

CVE-2024-4312 MEDIUM

Soccer Engine - Soccer Plugin for WordPress <1.12 - CSRF

CVE-2024-4103 MEDIUM

ADFO Custom data in admin dashboard <1.9.0 - CSRF

CVE-2024-4082 MEDIUM

Joli FAQ SEO - WordPress FAQ Plugin <1.3.2 - CSRF

CVE-2024-3941 MEDIUM

reCAPTCHA Jetpack < 0.2.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-3940 HIGH

reCAPTCHA Jetpack WordPress Plugin < 0.2.2 - Cross-Site Request Forgery in Settings Update

CVE-2024-3903 HIGH

Add Custom CSS and JS < 1.20 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-3590 MEDIUM

LetterPress < 1.2.2 - Cross-Site Request Forgery

CVE-2024-3582 MEDIUM

UnGallery < 2.2.4 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-34828 MEDIUM

Church Admin <= 4.1.32 - Cross-Site Request Forgery

CVE-2024-34827 MEDIUM

TranslatePress < 2.7.5 - Cross-Site Request Forgery

CVE-2024-34825 MEDIUM

Warfare Plugins Social Warfare <4.4.5.1 - CSRF

CVE-2024-34823 MEDIUM

Arigato Autoresponder and Newsletter <= 2.7.2.3 - Cross-Site Request Forgery

CVE-2024-34818 HIGH

WebinarPress < 1.33.17 - Cross-Site Request Forgery

CVE-2024-34817 MEDIUM

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms < 1.2.0 - Cross-Site Request Forgery

CVE-2024-34816 MEDIUM

WPCal.io - Easy Meeting Scheduler <= 0.9.5.8 - Cross-Site Request Forgery

CVE-2024-34814 MEDIUM

Unyson <= 2.7.29 - Cross-Site Request Forgery

CVE-2024-34557 MEDIUM

UkrSolution Barcode Scanner <1.5.4 - CSRF

Previous Page 127 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy