Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352

CVE-2025-47410 HIGH

Apache Geode 1.10.0-1.15.1 - Cross-Site Request Forgery via Management and Monitoring REST API

CVE-2025-9890 HIGH

Theme Editor <= 3.0 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-41254 MEDIUM

Spring Framework 5.3.0-5.3.45, 6.0.x-6.0.29, 6.1.0-6.1.23, 6.2.0-6.2.11 - Security Bypass via STOMP over WebSocket

CVE-2025-10700 MEDIUM

Ally - Web Accessibility & Usability <3.8.0 - CSRF

CVE-2025-10312 MEDIUM

WordPress Theme Importer <1.0 - CSRF

CVE-2025-10301 MEDIUM

FunKItools <= 1.0.2 - Cross-Site Request Forgery via saveFields() Function

CVE-2025-10300 MEDIUM

TopBar < 1.0.0 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-60535 HIGH

Wallos 4.1.1 - Cross-Site Request Forgery via Currency Endpoint

CVE-2025-59428 MEDIUM

EspoCRM < 9.1.9 - Authenticated Arbitrary User Creation via Stored SVG and CSRF

CVE-2025-7330 MEDIUM

Rockwell Automation 1783-NATR Firmware < 1.007 - Cross-Site Request Forgery

CVE-2025-42908 MEDIUM

SAP NetWeaver Application Server for ABAP - CSRF

CVE-2025-9626 MEDIUM

Page Blocks <= 1.1.0 - Cross-Site Request Forgery via admin_process_widget_page_change

CVE-2025-9621 MEDIUM

WidgetPack Comment System <1.6.1 - CSRF

CVE-2025-8606 LOW

GSheetConnector For Gravity Forms <1.3.23 - CSRF

CVE-2025-10376 MEDIUM

Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery via Settings Page

CVE-2025-10375 MEDIUM

Web Accessibility By accessiBe <2.10 - CSRF

CVE-2025-62245 MEDIUM

Liferay Portal 7.4.1-7.4.3.112 and DXP 2023.Q3.1-2023.Q3.10 - Cross-Site Request Forgery

CVE-2025-61930 HIGH

Emlog Pro <= 2.5.19 - Cross-Site Request Forgery on Password Change Endpoint

CVE-2025-43296 MEDIUM

macOS < 26.0 - Gatekeeper Bypass via Logic Issue

CVE-2025-11166 MEDIUM

WP Go Maps < 9.0.46 - Cross-Site Request Forgery via REST API AJAX Bridge

CVE-2025-11442 MEDIUM

JhumanJ OpnForm < 1.9.3 - Cross-Site Request Forgery via API Endpoint

CVE-2025-60956 HIGH

EndRun Technologies Sonoma D12 - CSRF

CVE-2025-9886 MEDIUM

Trinity Audio - Text to Speech AI <5.20.2 - CSRF

CVE-2025-9945 MEDIUM

Optimize More! - CSS <= 1.0.3 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-9897 MEDIUM

AP Background <= 3.8.2 - Cross-Site Request Forgery via advParallaxBackAdminSaveSlider

Previous Page 33 of 373 Next

Details

Vulnerabilities 9,321

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy