CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352
CVE-2025-12128 MEDIUM
Hide Categories Or Products On Shop Page <1.0.7 - CSRF
CVSS 4.3
CVE-2025-10055 MEDIUM
Time Sheets <= 2.1.3 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2025-13362 MEDIUM
Norby AI <= 1.0.3 - Cross-Site Request Forgery via Settings Update
CVSS 4.3
CVE-2025-11759 MEDIUM
XCloner plugin <4.8.2 - CSRF
CVSS 4.3
CVE-2025-65027 HIGH
romm < 4.4.1 - Authenticated Unrestricted File Upload and Stored Cross-Site Scripting via SVG/HTML Files
CVSS 7.6
CVE-2025-12358 MEDIUM
ShopEngine Elementor WooCommerce Builder Addon <4.8.5 - CSRF
CVSS 4.3
CVE-2025-13871 HIGH
ObjectPlanet Opinio 7.26 rev12562 - Cross-Site Request Forgery in Resource Management
CVSS 8.8
CVE-2025-13685 MEDIUM
The Photo Gallery by Ays <6.4.8 - CSRF
CVSS 4.3
CVE-2025-13140 MEDIUM
SurveyJS: Drag & Drop WordPress Form Builder <1.12.20 - CSRF
CVSS 4.3
CVE-2025-13606 MEDIUM
Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery via parseData Function
CVSS 6.5
CVE-2025-65840 HIGH
PublicCMS V5.202506.b - Cross-Site Request Forgery in CkEditorAdminController
CVSS 8.8
CVE-2025-13296 MEDIUM
Tekrom Technology Inc. T-Soft E-Commerce <28112025 - CSRF
CVSS 5.4
CVE-2025-13790 MEDIUM
Scada-LTS < 2.7.8.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-53897 MEDIUM
Kiteworks MFT <9.1.0 - Info Disclosure
CVSS 6.8
CVE-2025-51733 MEDIUM
HCL Unica 12.0.0 - Cross-Site Request Forgery
CVSS 5.5
CVE-2025-13737 MEDIUM
Nextend Social Login & Register <3.1.21 - CSRF
CVSS 4.3
CVE-2025-13143 MEDIUM
Poll, Survey & Quiz Maker Plugin <19.12.0 - CSRF
CVSS 4.3
CVE-2025-12578 MEDIUM
Reuters Direct <= 3.0.0 - Cross-Site Request Forgery via Settings Page
CVSS 4.3
CVE-2025-62593 CRITICAL
Ray < 2.52.0 - Remote Code Execution via DNS Rebinding and User-Agent Spoofing
CVE-2025-12061 HIGH
TAX SERVICE Electronic HDM <1.2.1 - SQL Injection
CVSS 8.6
CVE-2025-60739 CRITICAL
Ilevia EVE X1 Server <4.7.18.0.eden-2025_07_21 - CSRF
CVSS 9.6
CVE-2025-12587 MEDIUM
Peer Publish <= 1.0 - Cross-Site Request Forgery via Website Management Pages
CVSS 4.3
CVE-2025-12586 MEDIUM
Conditionnal Maintenance Mode for WordPress <= 1.0.0 - Cross-Site Request Forgery via Maintenance Mode Toggle
CVSS 4.3
CVE-2025-62497 MEDIUM
SNC-CX600W Firmware < 2.8.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2025-56400 HIGH
Tuya Smart and Smartlife - Cross-Site Request Forgery in OAuth Account Linking Flow
CVSS 8.8