Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2025-62880 MEDIUM

Kunal Nagar Custom 404 Pro <3.12.0 - CSRF

CVE-2025-62107 MEDIUM

PluginOps Feather Login Page <= 1.1.7 - Cross-Site Request Forgery

CVE-2025-13361 MEDIUM

Web to SugarCRM Lead plugin <1.0.0 - CSRF

CVE-2025-14734 MEDIUM

Amazon affiliate lite Plugin <1.0.0 - CSRF

CVE-2025-14168 MEDIUM

WP DB Booster <= 1.0.1 - Cross-Site Request Forgery via cleanup_all AJAX Action

CVE-2025-14164 MEDIUM

Quran Gateway <= 1.5 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-13365 MEDIUM

WP Hallo Welt <= 1.4 - Cross-Site Request Forgery and Stored Cross-Site Scripting via 'hallo_welt_seite' Function

CVE-2025-68481 MEDIUM

fastapi-users < 15.0.2 - Login Cross-Site Request Forgery via OAuth State Token

CVE-2025-66906 MEDIUM

Turms Admin API thru v0.10.0-SNAPSHOT - Cross-Site Request Forgery

CVE-2025-1927 HIGH

Restajet Online Food Delivery System <19122025 - CSRF

CVE-2025-59949 MEDIUM

FreshRSS < 1.27.1 - Cross-Site Request Forgery via Logout Endpoint

CVE-2025-68434 HIGH

Open Source Point of Sale 3.4.0-3.4.2 - Cross-Site Request Forgery via Disabled CSRF Filter

CVE-2025-67173 MEDIUM

RiteCMS 3.1.0 - Cross-Site Request Forgery in Page Creation/Editing Function

CVE-2025-66953 HIGH

nardamiteq UPC2 Firmware 1.17 - Cross-Site Request Forgery via Web Management Interface

CVE-2025-65203 HIGH

KeePassXC-Browser <1.9.9.2 - Info Disclosure

CVE-2025-14266 LOW

Ercom Cryptobox 4.0.0-4.37.228 and 4.38.0-4.39.199 - Cross-Site Request Forgery in Administration Console

CVE-2025-62190 MEDIUM

Mattermost 10.11.0-10.11.6, 10.12.0-10.12.2, 11.0.0-11.0.4 & Calls <1.10.0 - CSRF via Calls Widget

CVE-2025-14399 MEDIUM

Download Plugins and Themes in ZIP <= 1.9.6 - Cross-Site Request Forgery

CVE-2025-64700 MEDIUM

GROWI <= v7.3.3 - Cross-Site Request Forgery

CVE-2025-65593 HIGH

nopCommerce 4.90.0 - Cross-Site Request Forgery via Schedule Tasks Functionality

CVE-2025-68083 MEDIUM

Meks Meks Quick Plugin Disabler - CSRF

CVE-2025-68082 MEDIUM

Semrush Content Toolkit <1.1.32 - CSRF

CVE-2025-64240 MEDIUM

Freshchat <= 2.3.4 - Cross-Site Request Forgery

CVE-2025-64239 MEDIUM

RTL Tester <= 1.2 - Cross-Site Request Forgery

CVE-2025-64237 MEDIUM

Graham Quick Interest Slider <= 3.1.5 - CSRF

Previous Page 22 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy