CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352
CVE-2025-62103 MEDIUM
Media Library File Download <2 - CSRF
CVSS 4.3
CVE-2025-62102 MEDIUM
apasionados DoFollow Case by Case <= 3.5.1 - CSRF
CVSS 4.3
CVE-2025-59132 MEDIUM
Badi Jones Duplicate Content Cure - CSRF
CVSS 4.3
CVE-2025-49351 HIGH
Valentin Agachi Create Posts & Terms <= 1.3.1 - XSS
CVSS 7.1
CVE-2025-49347 HIGH
Jupitercow WP sIFR <= 0.6.8.1 - Cross-Site Request Forgery
CVSS 7.1
CVE-2025-49341 HIGH
PDF Creator Lite <= 1.2 - Cross-Site Request Forgery
CVSS 7.1
CVE-2025-11022 CRITICAL
Panilux < v.0.10.0 - Cross-Site Request Forgery
CVSS 9.6
CVE-2025-65962 MEDIUM
Tuleap <17.0.99.1763803709, <17.0-4, <16.13-9 - CSRF
CVSS 4.6
CVE-2025-64760 MEDIUM
Tuleap < 16.13-8 and < 17.0.99.1763126988 - Cross-Site Request Forgery
CVSS 4.6
CVE-2025-64499 MEDIUM
Tuleap < 16.12-10, < 17.0.99.1762456922 - Cross-Site Request Forgery via Planning Management API
CVSS 4.6
CVE-2025-64498 MEDIUM
Tuleap < 16.12-10, < 17.0.99.1762444754 - Cross-Site Request Forgery
CVSS 4.6
CVE-2025-60912 LOW
phpipam < 1.7.3 - Cross-Site Request Forgery in Database Export Functionality
CVSS 3.3
CVE-2025-42616 HIGH
CIRCL Vulnerability-Lookup < 2.18.0 - Cross-Site Request Forgery via State-Changing GET Endpoints
CVE-2025-14117 MEDIUM
fit2cloud Halo 2.21.10 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-13629 MEDIUM
WP Landing Page <= 0.9.3 - Cross-Site Request Forgery via wplp_api_update_text Function
CVSS 4.3
CVE-2025-66629 LOW
HedgeDoc < 1.10.4 - Cross-Site Request Forgery in OAuth2 Social Login Endpoints
CVSS 3.7
CVE-2025-12879 HIGH
WordPress User Generator & Importer <1.2.2 - CSRF
CVSS 8.8
CVE-2025-13684 MEDIUM
ARK Related Posts < 2.19 - Cross-Site Request Forgery via ark_rp_options_page Function
CVSS 4.3
CVE-2025-12130 MEDIUM
WC Vendors - WooCommerce Multivendor, WooCommerce Marketplace, Prod...
CVSS 4.3
CVE-2025-12373 MEDIUM
Torod < 1.9 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2025-13621 MEDIUM
Dream Gallery < 1.0 - Cross-Site Request Forgery via 'dreampluginsmain' AJAX Action
CVSS 6.1
CVE-2025-13360 MEDIUM
Quantic Social Image Hover <1.0.8 - CSRF
CVSS 4.3
CVE-2025-13144 MEDIUM
ContentStudio <= 1.3.7 - Cross-Site Request Forgery via add_cstu_settings Function
CVSS 4.3
CVE-2025-12190 MEDIUM
Image Optimizer by wps.sk <1.2.0 - CSRF
CVSS 4.3
CVE-2025-12189 MEDIUM
Bread & Butter: AI-Powered Lead Intelligence <= 7.11.1374 - Cross-Site Request Forgery via uploadImage() Function
CVSS 4.3