CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352
CVE-2026-24549 MEDIUM
GeoDirectory <= 2.8.149 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-24542 MEDIUM
John James Jacoby WP Term Order <= 2.1.0 - CSRF
CVSS 4.3
CVE-2026-24521 MEDIUM
Kama Thumbnail <= 3.5.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-24384 MEDIUM
Merge + Minify + Refresh <2.15 - CSRF
CVSS 5.4
CVE-2026-24374 MEDIUM
Metagauss RegistrationMagic <= 6.0.6.9 - CSRF
CVSS 5.4
CVE-2026-24365 MEDIUM
WooCommerce Stock Manager <3.6.0 - CSRF
CVSS 5.4
CVE-2026-22483 MEDIUM
teachPress <= 9.0.12 - Cross-Site Request Forgery
CVSS 5.4
CVE-2026-22462 MEDIUM
Add Polylang support for Customizer <= 1.4.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-22382 MEDIUM
Mikado-Themes PawFriends <1.4 - CSRF
CVSS 5.4
CVE-2026-22360 MEDIUM
AA-Team SearchAzon <= 1.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-22359 MEDIUM
AA-Team Wordpress Movies Bulk Importer - CSRF
CVSS 4.3
CVE-2026-22355 HIGH
gregmolnar Simple XML Sitemap <=1.3 - XSS
CVSS 7.1
CVE-2026-1051 MEDIUM
Newsletter - WordPress <9.1.0 - CSRF
CVSS 4.3
CVE-2026-23950 HIGH
node-tar <= 7.5.3 - Arbitrary File Overwrite via Unicode Path Collision Race Condition
CVSS 8.8
CVE-2026-1169 MEDIUM
birkir prime < 0.4.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-1153 MEDIUM
technical-laohu mpay < 1.2.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-1148 MEDIUM
Patients Waiting Area Queue Management System 1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-1142 MEDIUM
PHPGurukul News Portal 1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2026-23622 HIGH
easy!appointments < 1.5.2 - Cross-Site Request Forgery via GET Requests
CVSS 8.8
CVE-2026-0493 MEDIUM
SAP Fiori App Intercompany Balance Reconciliation - CSRF
CVSS 4.3
CVE-2026-22800 LOW
PILOS < 4.10.0 - Authenticated Cross-Site Request Forgery via Administrative API Endpoint
CVSS 2.4
CVE-2026-22030 MEDIUM
React Router 7.0.0-7.11.0 and Remix Server Runtime < 2.17.3 - Cross-Site Request Forgery via Document POST Requests
CVSS 6.5
CVE-2026-22194 HIGH
GestSup <= 3.2.60 - Cross-Site Request Forgery via Administrative User Creation Endpoint
CVSS 8.8
CVE-2026-21430 CRITICAL
Emlog 2.5.23 - Cross-Site Request Forgery in Article Creation
CVSS 9.3
CVE-2025-58468 MEDIUM
Qnap Systems Inc. Notification Center < 1.10.0.3291 - CSRF
Details
Vulnerabilities 9,302
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits