Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,348 vulnerabilities with CWE-352

CVE-2024-2125 HIGH

EnvíaloSimple: Email Marketing y Newsletters - CSRF

CVE-2024-1315 HIGH

Classified Listing Plugin <= 3.0.4 - Cross-Site Request Forgery via rtcl_update_user_account

CVE-2024-0588 MEDIUM

Paid Memberships Pro <2.12.10 - CSRF

CVE-2024-31369 MEDIUM

PenciDesign Soledad < 8.4.2 - Cross-Site Request Forgery

CVE-2024-27631 MEDIUM

GNU Savane < 3.13 - Cross-Site Request Forgery via siteadmin/usergroup.php

CVE-2024-31205 MEDIUM

Saleor 3.10.0-3.14.63 - Cross-Site Request Forgery Bypass via Empty Refresh Token

CVE-2024-22155 MEDIUM

WooCommerce < 8.5.2 - Cross-Site Request Forgery

CVE-2024-2115 HIGH

LearnPress - WordPress LMS Plugin <4.0.0 - CSRF

CVE-2024-27448 CRITICAL

maildev 2.0.0-beta1-2.1.0 - Remote Code Execution via Crafted Content-ID Header

CVE-2024-30252 LOW

Livemarks < 3.7 - Cross-Site Request Forgery via subscribe.html

CVE-2024-29192 HIGH

go2rtc < 1.8.5 - Cross-Site Request Forgery via /api/config Endpoint

CVE-2024-25692 MEDIUM

Esri Portal for ArcGIS < 11.1 - Cross-Site Request Forgery via Crafted Form

CVE-2024-20368 MEDIUM

Cisco Identity Services Engine 2.7.0-3.0.0 - Cross-Site Request Forgery

CVE-2024-20347 MEDIUM

Cisco Emergency Responder - Cross-Site Request Forgery

CVE-2024-20281 HIGH

Cisco Nexus Dashboard and Hosted Services - Cross-Site Request Forgery

CVE-2024-2322 MEDIUM

WooCommerce Cart Abandonment Recovery < 1.2.27 - Cross-Site Request Forgery in Bulk Actions

CVE-2024-31109 HIGH

Toastie Studio Woocommerce Social Media Share Buttons <1.3.0 - CSRF

CVE-2024-31105 HIGH

Adam Bowen Tax Rate Upload <2.4.5 - CSRF

CVE-2024-3151 MEDIUM

Bdtask Multi-Store Inventory Management System <20240325 - CSRF

CVE-2024-30965 HIGH

dedecms v5.7 - Cross-Site Request Forgery via member_scores.php

CVE-2024-30946 MEDIUM

dedecms v5.7 - Cross-Site Request Forgery via /src/dede/co_do.php

CVE-2024-1504 MEDIUM

SecuPress Free < 2.2.5.1 - Cross-Site Request Forgery via secupress_blackhole_ban_ip()

CVE-2024-3147 MEDIUM

DedeCMS 5.7 - Cross-Site Request Forgery in makehtml_map.php

CVE-2024-3146 MEDIUM

DedeCMS 5.7 - Cross-Site Request Forgery in makehtml_rss_action.php

CVE-2024-3145 MEDIUM

DedeCMS 5.7 - Cross-Site Request Forgery in makehtml_js_action.php

Previous Page 137 of 374 Next

Details

Vulnerabilities 9,348

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy