Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352

CVE-2025-63953 MEDIUM

Magewell Pro Convert <1.2.213 - CSRF

CVE-2025-63952 MEDIUM

Magewell Pro Convert <1.2.213 - CSRF

CVE-2025-65107 MEDIUM

langfuse 2.95.0-2.95.11 and 3.17.0-3.130.0 - Authenticated Account Takeover via CSRF or Phishing Attack

CVE-2025-11087 HIGH

Zegen Core <= 2.0.1 - Unauthenticated Arbitrary File Upload via CSRF

CVE-2025-66097 MEDIUM

I Order Terms <= 1.5.0 - Cross-Site Request Forgery

CVE-2025-66064 MEDIUM

Giveaways and Contests by RafflePress <= 1.12.20 - Cross-Site Request Forgery

CVE-2025-66061 MEDIUM

Seriously Simple Podcasting <3.13.0 - CSRF

CVE-2025-13142 MEDIUM

Custom Post Type <= 1.0 - Unauthenticated Cross-Site Request Forgery via Custom Post Type Deletion

CVE-2025-13134 MEDIUM

AuthorSure < 2.3 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-62687 MEDIUM

LogStare Collector < 2.4.2 - Cross-Site Request Forgery

CVE-2025-62346 MEDIUM

HCL Glovius Cloud <= S05.25 - Cross-Site Request Forgery

CVE-2025-12535 MEDIUM

SureForms < 1.13.1 - Cross-Site Request Forgery Bypass via Generic REST API Nonce

CVE-2025-63955 HIGH

PHPGurukul Student Record System <3.2 - CSRF

CVE-2025-59114 MEDIUM

Windu CMS 4.1 - Cross-Site Request Forgery in File Upload Functionality

CVE-2025-59112 MEDIUM

Windu CMS 4.1 - Cross-Site Request Forgery in User Editing Functionality

CVE-2025-59110 MEDIUM

Windu CMS 4.1 - Cross-Site Request Forgery via Token Bypass

CVE-2025-6670 HIGH

WSO2 API Control Plane and API Manager - Cross-Site Request Forgery via Carbon Console Event Processor

CVE-2025-9625 MEDIUM

Coil Web Monetization <2.0.2 - CSRF

CVE-2025-12827 MEDIUM

Top Friends <= 0.3 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-12406 MEDIUM

Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-12404 MEDIUM

Like-it < 2.2 - Cross-Site Request Forgery via likeit_conf() Function

CVE-2025-12173 MEDIUM

WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-55057 MEDIUM

Maxum Rumpus - Cross-Site Request Forgery

CVE-2025-13283 HIGH

TenderDocTransfer < 0.41.159 - Unauthenticated Arbitrary File Copy and Paste via API

CVE-2025-13282 HIGH

TenderDocTransfer < 0.41.159 - Unauthenticated Arbitrary File Deletion via API

Previous Page 28 of 373 Next

Details

Vulnerabilities 9,321

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy