Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2025-13438 MEDIUM

WordPress Page Title Plugin <=1.02 - CSRF

CVE-2025-13413 MEDIUM

Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery via CBFA_guardar_cbfa() Function

CVE-2025-12821 HIGH

NewsBlogger Theme 0.2.5.6-0.2.6.1 - CSRF

CVE-2025-12172 MEDIUM

Mailchimp List Subscribe Form <2.0.0 - CSRF

CVE-2025-70062 MEDIUM

PHPGurukul Hospital Management System v4.0 - Cross-Site Request Forgery in Add Doctor Module

CVE-2025-27904 MEDIUM

IBM DB2 Recovery Expert 5.5 IF002 - CSRF

CVE-2025-36018 MEDIUM

IBM Concert 1.0.0-2.1.0 - Cross-Site Request Forgery in Z Hub Component

CVE-2025-14873 MEDIUM

LatePoint - Calendar Booking Plugin <5.2.5 - CSRF

CVE-2025-14852 MEDIUM

MDirector Newsletter < 4.5.8 - Cross-Site Request Forgery via Missing Nonce Verification

CVE-2025-69634 CRITICAL

Dolibarr ERP & CRM 22.0.9 - Cross-Site Request Forgery via Notes Field in perms.php

CVE-2025-66595 MEDIUM

Yokogawa FAST/TOOLS R9.01-R10.04 - Cross-Site Request Forgery

CVE-2025-68722 HIGH

Axigen Mail Server <10.5.57, 10.6.x <10.6.26 - CSRF

CVE-2025-15550 MEDIUM

birkir prime <= 0.4.0. beta.0 - CSRF

CVE-2025-14472 HIGH

Drupal Acquia Content Hub <3.6.4-3.7.3 - CSRF

CVE-2025-13982 HIGH

Drupal Login Time Restriction <1.0.3 - CSRF

CVE-2025-14795 MEDIUM

Stop Spammers Classic <2026.1 - CSRF

CVE-2025-59901 HIGH

Disk Pulse Enterprise v10.4.18 - Authenticated XSS

CVE-2025-59894 HIGH

Flexense Disk Pulse & Sync Breeze Enterprise 10.4.18 - CSRF via /delete_all_commands

CVE-2025-59893 HIGH

Flexense Sync Breeze and Disk Pulse Enterprise 10.4.18 - Cross-Site Request Forgery via Command Rename

CVE-2025-59892 HIGH

Flexense Sync Breeze and Disk Pulse Enterprise 10.4.18 - Cross-Site Request Forgery via /delete_command Endpoint

CVE-2025-59891 HIGH

Flexense Disk Pulse and Sync Breeze Enterprise 10.4.18 - Cross-Site Request Forgery via Setup Login Endpoint

CVE-2025-14616 MEDIUM

Recooty - Job Widget (Old Dashboard) <1.0.6 - CSRF

CVE-2025-14907 MEDIUM

Moderate Selected Posts <1.4 - CSRF

CVE-2025-14630 MEDIUM

AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery via saveSettings and renamePost AJAX Actions

CVE-2025-13205 MEDIUM

SurveyJS: Drag & Drop Form Builder <= 2.5.2 - Cross-Site Request Forgery via SurveyJS_CloneSurvey AJAX Action

Previous Page 18 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy