Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2026-25337 MEDIUM

Coachify <= 1.1.5 - Cross-Site Request Forgery

CVE-2026-25322 MEDIUM

PublishPress Revisions <=3.7.22 - CSRF

CVE-2026-25319 MEDIUM

Zita Elementor Site Library <=1.6.6 - CSRF

CVE-2026-1455 MEDIUM

Whatsiplus Scheduled Notification for Woocommerce - CSRF

CVE-2026-2658 MEDIUM

newbee-mall < a069069b07027613bf0e7f571736be86f431faee - Cross-Site Request Forgery

CVE-2026-2112 MEDIUM

Dam Spam Plugin for WordPress <=1.0.8 - CSRF

CVE-2026-2023 MEDIUM

WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery via ajax_save_custom_plugin()

CVE-2026-1072 MEDIUM

Keybase.io Verification Plugin <1.4.5 - CSRF

CVE-2026-1394 MEDIUM

WP Quick Contact Us <= 1.0 - Cross-Site Request Forgery via Settings Update

CVE-2026-1983 MEDIUM

SEATT: Simple Event Attendance <1.5.0 - CSRF

CVE-2026-26075 MEDIUM

fastgpt < 4.14.7 - Cross-Site Request Forgery

CVE-2026-2317 MEDIUM

Google Chrome <145.0.7632.45 - Info Disclosure

CVE-2026-1215 MEDIUM

MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2026-24885 MEDIUM

kanboard < 1.2.50 - Cross-Site Request Forgery via ProjectPermissionController

CVE-2026-25812 HIGH

PlaciPy 1.0.0 - Cross-Site Request Forgery

CVE-2026-1082 MEDIUM

TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery via Settings Page Form Handler

CVE-2026-1785 MEDIUM

WordPress Code Snippets <3.9.4 - CSRF

CVE-2026-1835 MEDIUM

lcg0124 BootDo <e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb - CSRF

CVE-2026-25155 MEDIUM

qwik < 1.12.0 - Cross-Site Request Forgery via Incorrect Content-Type Header Parsing

CVE-2026-25151 MEDIUM

Qwik and Qwik City < 1.19.0 - Cross-Site Request Forgery via Crafted Content-Type Header

CVE-2026-24434 MEDIUM

Shenzhen Tenda AC7 <V03.03.03.01_cn - CSRF

CVE-2026-24666 MEDIUM

Open eClass Platform < 4.2 - Cross-Site Request Forgery in Teacher-Restricted Endpoints

CVE-2026-25024 MEDIUM

ThirstyAffiliates <= 3.11.9 - Cross-Site Request Forgery

CVE-2026-25015 MEDIUM

Stiofan UsersWP <= 1.2.53 - Cross-Site Request Forgery

CVE-2026-25014 MEDIUM

themelooks Enter Addons <= 2.3.2 - Cross-Site Request Forgery

Previous Page 14 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy