Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,320 vulnerabilities with CWE-352

CVE-2025-10684 MEDIUM

Construction Light WordPress <1.6.8 - CSRF

CVE-2025-58576 MEDIUM

GroupSession Free < 5.3.0, byCloud < 5.3.3, ZION < 5.3.2 - Cross-Site Request Forgery

CVE-2025-14391 MEDIUM

Simple Theme Changer <= 1.0 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-14354 MEDIUM

Resource Library for Logged In Users <= 1.5 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-14165 MEDIUM

Kirim.Email WooCommerce Integration <1.2.9 - CSRF

CVE-2025-14162 MEDIUM

BMLT WordPress Plugin <3.11.4 - CSRF

CVE-2025-14161 MEDIUM

Truefy Embed <= 1.1.0 - Cross-Site Request Forgery via Settings Update Action

CVE-2025-14160 MEDIUM

Upcoming for Calendly <1.2.4 - CSRF

CVE-2025-14158 MEDIUM

WordPress Coding Blocks <1.1.0 - CSRF

CVE-2025-14062 MEDIUM

Animated Pixel Marquee Creator <1.0.0 - CSRF

CVE-2025-13987 MEDIUM

WordPress Purchase & Expense Manager <1.1.2 - CSRF

CVE-2025-13408 MEDIUM

WordPress Media Optimize Images 2.5.2 - CSRF

CVE-2025-13366 MEDIUM

Rabbit Hole < 1.1 - Cross-Site Request Forgery via Reset Functionality

CVE-2025-13363 MEDIUM

IMAQ CORE <= 1.2.1 - Cross-Site Request Forgery via URL Structure Settings Update

CVE-2025-65472 HIGH

easyimages2.0 < 2.8.6 - Cross-Site Request Forgery in Admin Panel

CVE-2025-67646 LOW

MediaWiki TableProgressTracking <1.2.0 - CSRF

CVE-2025-34430 MEDIUM

1Panel 1.10.33-2.0.15 - Cross-Site Request Forgery in Panel Name Management

CVE-2025-34429 HIGH

1Panel 1.10.33-2.0.15 - Cross-Site Request Forgery in Web Port Configuration

CVE-2025-67639 LOW

Jenkins < 2.528.3, 2.529-2.540 - Cross-Site Request Forgery

CVE-2025-34410 HIGH

1Panel 1.10.33-2.0.15 - Cross-Site Request Forgery in Change Username Functionality

CVE-2025-65573 HIGH

AllskyTeam AllSky 2024.12.06_06 - Cross-Site Request Forgery via handle_interface_POST_and_status

CVE-2025-13924 MEDIUM

Advanced Product Fields for WooCommerce <= 1.6.17 - Cross-Site Request Forgery

CVE-2025-67598 MEDIUM

PSM Plugins SupportCandy <= 3.4.1 - CSRF

CVE-2025-67596 MEDIUM

Strategy11 Team Business Directory <6.4.19 - CSRF

CVE-2025-67595 MEDIUM

Ays Pro Quiz Maker <= 6.7.0.82 - Cross-Site Request Forgery

Previous Page 24 of 373 Next

Details

Vulnerabilities 9,320

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy