Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352

CVE-2025-13179 MEDIUM

Bdtask Wholesale < 2025-10-16 - Cross-Site Request Forgery

CVE-2025-13177 MEDIUM

Bdtask SalesERP < 2025-10-16 - Cross-Site Request Forgery

CVE-2025-59480 MEDIUM

Mattermost Mobile Apps <= 2.32.0 - Cross-Site Request Forgery via SSO Redirect Token

CVE-2025-13119 MEDIUM

Simple E-Banking System 1.0 - Cross-Site Request Forgery

CVE-2025-64271 MEDIUM

HasThemes WP Plugin Manager <= 1.4.7 - Cross-Site Request Forgery

CVE-2025-64262 MEDIUM

Auto Prune Posts <= 3.0.0 - Cross-Site Request Forgery

CVE-2025-64482 MEDIUM

Tuleap < 16.13.99.1762267347 / < 17.0-1, 16.13-6, 16.12-9 - Cross-Site Request Forgery

CVE-2025-64117 MEDIUM

Tuleap < 16.13.99.1761813675 / Enterprise < 16.13-5/16.12-8 - Cross-Site Request Forgery

CVE-2025-57310 HIGH

simple_faucet_script v1.07 - Cross-Site Request Forgery via Admin Ads Endpoint

CVE-2025-60645 MEDIUM

xxl-api < 1.3.0 - Cross-Site Request Forgery via User Addition

CVE-2025-12901 MEDIUM

Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery via set_subscription_level() Function

CVE-2025-12590 MEDIUM

YSlider <= 1.1 - Cross-Site Request Forgery to Stored XSS via Content Configuration

CVE-2025-12589 MEDIUM

WP-Walla <= 0.5.3.5 - Unauthenticated Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-12588 MEDIUM

USB Qr Code Scanner For Woocommerce <1.0.0 - CSRF

CVE-2025-12132 MEDIUM

WP Custom Admin Login Page Logo <1.4.8.4 - CSRF

CVE-2025-11886 MEDIUM

CTL Arcade Lite <= 1.0 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-63712 HIGH

SourceCodester Product Expiry Management - CSRF

CVE-2025-63711 HIGH

SourceCodester Client DBMS 1.0 - CSRF

CVE-2025-63710 MEDIUM

SourceCodester Simple Public Chat Room 1.0 - CSRF

CVE-2025-63717 MEDIUM

SourceCodester Pet Grooming Management Software 1.0 - CSRF

CVE-2025-63716 MEDIUM

SourceCodester Leads Manager Tool v1.0 - CSRF

CVE-2025-58469 HIGH

QuLog Center 1.8.0.872-1.8.2.923 - Cross-Site Request Forgery

CVE-2025-62950 MEDIUM

Contest Gallery <= 28.0.0 - Cross-Site Request Forgery

CVE-2025-53316 HIGH

Shahjahan Jewel WP GDPR Cookie Consent - CSRF

CVE-2025-48085 HIGH

ZIPANG Simple Stripe <=0.9.17 - CSRF

Previous Page 29 of 373 Next

Details

Vulnerabilities 9,321

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy