Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2025-11954 HIGH

CSRF in Sitemio's WISECP

CVE-2025-27851 CRITICAL

Garmin WDU v1 1.4.6 & v2 5.0 - WebSocket Hijacking

CVE-2025-68604 MEDIUM

WordPress WPGraphQL plugin <= 2.5.3 - Cross Site Request Forgery (CSRF) vulnerability

CVE-2025-31957 LOW

HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability.

CVE-2025-58922 MEDIUM

WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

CVE-2025-15635 MEDIUM

WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability

CVE-2025-53444 MEDIUM

WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability

CVE-2025-70811 MEDIUM

phpbb 3.3.15 - Cross-Site Request Forgery via Admin Control Panel Icon Management

CVE-2025-70810 HIGH

phpBB 3.3.15 - Cross-Site Request Forgery via Login Function

CVE-2025-36375 MEDIUM

IBM DataPower Gateway vulnerable to CSRF

CVE-2025-36422 MEDIUM

IBM InfoSphere Information Server is vulnerable to cross-site request forgery

CVE-2025-40841 MEDIUM

Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability

CVE-2025-14037 HIGH

Invelity Products Feeds <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File Deletion

CVE-2025-55046 HIGH

MuraCMS <= 10.1.10 - Cross-Site Request Forgery via cTrash.empty Function

CVE-2025-55045 HIGH

MuraCMS <= 10.1.10 - Cross-Site Request Forgery via cUsers.updateAddress Function

CVE-2025-55044 HIGH

MuraCMS <= 10.1.10 - Cross-Site Request Forgery via Trash Restore Function

CVE-2025-55043 MEDIUM

MuraCMS <= 10.1.10 - Unauthenticated Cross-Site Request Forgery in Bundle Creation

CVE-2025-55041 HIGH

MuraCMS <= 10.1.10 - Cross-Site Request Forgery in Add To Group Functionality

CVE-2025-55040 HIGH

MuraCMS through 10.1.10 - Cross-Site Request Forgery via cForm.importform Function

CVE-2025-69238 MEDIUM

Cross-Site Request Forgery in Raytha CMS

CVE-2025-70031 HIGH

Sunbird-Ed SunbirdEd-portal 1.13.4 - CSRF

CVE-2025-59541 HIGH

Chamilo LMS < 1.11.34 - Authenticated Cross-Site Request Forgery via Project Deletion

CVE-2025-64166 MEDIUM

mercurius < 16.4.0 - Cross-Site Request Forgery via Content-Type Header Misinterpretation

CVE-2025-13671 MEDIUM

OpenText Web Site Management Server 16.7.0-16.7.1 - CSRF

CVE-2025-14167 MEDIUM

Remove Post Type Slug Plugin <1.0.2 - CSRF

Previous Page 17 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy