CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352
CVE-2026-1644 MEDIUM
WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2026-1468 MEDIUM
QuickCMS 6.8 - Cross-Site Request Forgery
CVE-2026-3589 HIGH
WooCommerce 5.4.0-10.5.2 - Unauthenticated Cross-Site Request Forgery via Batch Request Handling
CVSS 7.5
CVE-2026-1128 MEDIUM
WP eCommerce WordPress Plugin <3.15.1 - CSRF
CVSS 4.3
CVE-2026-29084 MEDIUM
Gokapi < 2.2.3 - Cross-Site Request Forgery in Login Flow
CVSS 4.6
CVE-2026-28477 HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via OAuth State Validation Bypass
CVSS 7.1
CVE-2026-30793 CRITICAL
RustDesk Client <=1.4.5 - CSRF to Privilege Escalation
CVSS 9.8
CVE-2026-2994 MEDIUM
Concrete CMS < 9.4.8 - Cross-Site Request Forgery via Anti-Spam Allowlist Group Configuration
CVSS 6.8
CVE-2026-27758 MEDIUM
SODOLA SL902-SWTGW124AS <200.1.20 - CSRF
CVSS 4.3
CVE-2026-3193 LOW
Chia Blockchain 2.1.0 - Cross-Site Request Forgery via /send_transaction
CVSS 3.1
CVE-2026-2410 MEDIUM
Disable Admin Notices - Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery via showPageContent()
CVSS 4.3
CVE-2026-27632 LOW
Talishar < 2026-02-22 - Cross-Site Request Forgery in Game Interaction Endpoints
CVSS 2.6
CVE-2026-27609 MEDIUM
Parse Dashboard 7.3.0-alpha.42-9.0.0-alpha.7 - CSRF
CVSS 6.5
CVE-2026-27589 MEDIUM
Caddy < 2.11.1 - Cross-Site Request Forgery via Admin API /load Endpoint
CVSS 6.5
CVE-2026-27518 MEDIUM
Binardat 10G08-0800GSM <V300SP10260209 - CSRF
CVSS 4.3
CVE-2026-27741 MEDIUM
Bludit 3.16.1 - Cross-Site Request Forgery in Plugin and Theme Management Endpoints
CVSS 4.3
CVE-2026-25649 HIGH
Traccar <= 6.11.1 - Authenticated Open Redirect via OIDC Endpoint redirect_uri Parameter
CVSS 7.3
CVE-2026-23694 MEDIUM
Aruba HiSpeed Cache < 3.0.5 - Cross-Site Request Forgery via admin-ajax.php
CVE-2026-27513 MEDIUM
Shenzhen Tenda F3 V12.01.01.55 - CSRF
CVSS 4.3
CVE-2026-27146 MEDIUM
GetSimple CMS < 3.3.22 - Authenticated Arbitrary File Upload via CSRF
CVSS 4.5
CVE-2026-26317 HIGH
OpenClaw < 2026.2.14 - Cross-Site Request Forgery via Unvalidated Origin/Referer
CVSS 7.1
CVE-2026-27090 MEDIUM
Kenta Companion <= 1.3.3 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-27050 MEDIUM
RealPress <= 1.1.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2026-25422 MEDIUM
Popularis Extra <= 1.2.10 - Cross-Site Request Forgery
CVSS 5.4
CVE-2026-25411 MEDIUM
Revision Manager TMC <=2.8.22 - CSRF
CVSS 4.3