CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352
CVE-2025-13194 MEDIUM
SurveyJS: Drag & Drop Form Builder < 2.5.2 - Cross-Site Request Forgery via SurveyJS_RenameSurvey AJAX Action
CVSS 4.3
CVE-2025-13139 MEDIUM
SurveyJS: Drag & Drop WordPress Form Builder <1.12.20 - CSRF
CVSS 4.3
CVE-2025-14906 MEDIUM
WP Youtube Video Gallery <1.0 - CSRF
CVSS 4.3
CVE-2025-14903 MEDIUM
Simple Crypto Shortcodes <1.0.2 - CSRF
CVSS 4.3
CVE-2025-70899 MEDIUM
PHPgurukul Online Course Registration v3.1 - Cross-Site Request Forgery in Administrative Forms
CVSS 6.5
CVE-2025-67626 MEDIUM
Angel Costa WP SEO Search <2 - CSRF
CVSS 4.3
CVE-2025-31413 MEDIUM
bdthemes Element Pack <8.3.13 - CSRF
CVSS 4.3
CVE-2025-36411 LOW
IBM ApplinX 11.1 - Cross-Site Request Forgery
CVSS 3.5
CVE-2025-14853 MEDIUM
LEAV Last Email Address Validator <=1.7.1 - CSRF
CVSS 4.3
CVE-2025-15376 MEDIUM
Stopwords for comments <= 1.1 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2025-14846 MEDIUM
SocialChamp with WordPress <= 1.3.5 - Cross-Site Request Forgery via wpsc_settings_tab_menu
CVSS 4.3
CVE-2025-15377 MEDIUM
Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery via admin_page_content Function
CVSS 4.3
CVE-2025-14615 HIGH
WordPress Charts and Graphs <1.5.7 - CSRF
CVSS 7.1
CVE-2025-14389 MEDIUM
WPBlogSyn <= 1.0 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2025-14976 MEDIUM
User Registration & Membership Plugin < 4.4.8 - Cross-Site Request Forgery via 'delete' Action
CVSS 5.4
CVE-2025-13749 MEDIUM
Clearfy Cache - WordPress optimization plugin - CSRF
CVSS 4.3
CVE-2025-68158 MEDIUM
Authlib 1.0.0-1.6.5 - Cross-Site Request Forgery via Cache-Backed State Storage
CVSS 5.7
CVE-2025-61547 MEDIUM
Edu Business Solutions Print Shop Pro WebDesk <19.76 - CSRF
CVSS 6.8
CVE-2025-31963 LOW
HCL BigFix IVR 4.2 - Unauthenticated Configuration Change via Local Setup Interface
CVSS 2.9
CVE-2025-14999 MEDIUM
Latest Tabs <= 1.5 - Cross-Site Request Forgery via Settings Update Handler
CVSS 4.3
CVE-2025-14904 MEDIUM
Newsletter Email Subscribe <2.4 - CSRF
CVSS 4.3
CVE-2025-14845 MEDIUM
NS IE Compatibility Fixer <2.1.5 - CSRF
CVSS 4.3
CVE-2025-14468 MEDIUM
AMP for WP - WordPress <1.1.9 - CSRF
CVSS 4.3
CVE-2025-14465 MEDIUM
Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery via sabs_options_page_form_submit()
CVSS 4.3
CVE-2025-14077 MEDIUM
Simcast < 1.0.0 - Cross-Site Request Forgery via Settings Page
CVSS 4.3