Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352

CVE-2025-10499 MEDIUM

Ninja Forms < 3.12.1 - Cross-Site Request Forgery via maybe_opt_in() Function

CVE-2025-10498 MEDIUM

Ninja Forms < 3.12.0 - Cross-Site Request Forgery via CSV Export

CVE-2025-59845 HIGH

Apollo Sandbox < 2.7.2 & Apollo Explorer < 3.7.3 - CSRF via window.postMessage Origin Validation Error

CVE-2025-11029 MEDIUM

Vvveb < 1.0.7.2 - Cross-Site Request Forgery

CVE-2025-60173 HIGH

Ashwani kumar GST for WooCommerce <2.0 - CSRF

CVE-2025-60172 HIGH

Flytedesk Digital <= 20181101 - Cross-Site Request Forgery

CVE-2025-60171 HIGH

YourPlugins.com - WooCommerce <1.2.10 - CSRF/XSS

CVE-2025-60170 HIGH

Taraprasad Swain HTACCESS IP Blocker <1.0 - CSRF

CVE-2025-60169 HIGH

W3SCloud Contact Form 7 to Zoho CRM - XSS

CVE-2025-60164 HIGH

NewsmanApp <= 2.7.7 - Cross-Site Request Forgery

CVE-2025-60156 CRITICAL

Webandprint AR For WordPress - CSRF

CVE-2025-60145 MEDIUM

yonifre Lenix scss compiler <= 1.2 - Cross-Site Request Forgery

CVE-2025-60139 MEDIUM

Joovii Sendle Shipping <6.02 - CSRF

CVE-2025-60137 MEDIUM

Galaxy Weblinks Post Featured Video <1.7 - CSRF

CVE-2025-60117 MEDIUM

Vehica Core <= 1.0.100 - Cross-Site Request Forgery

CVE-2025-60115 MEDIUM

Instapage Plugin <= 3.7.0 - Cross-Site Request Forgery

CVE-2025-60113 MEDIUM

Groovy Menu <= 1.4.3 - Cross-Site Request Forgery

CVE-2025-60111 HIGH

Javo Core <= 3.0.0.266 - Cross-Site Request Forgery

CVE-2025-60093 MEDIUM

Shahjada Download Manager <= 3.3.24 - Cross-Site Request Forgery

CVE-2025-58914 MEDIUM

Di Themes Demo Site Importer - CSRF

CVE-2025-10377 MEDIUM

WordPress System Dashboard <2.8.20 - CSRF

CVE-2025-10752 MEDIUM

OAuth Single Sign On - SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery via Predictable OAuth State Parameter

CVE-2025-56311 MEDIUM

Shenzhen C-Data Technology Co. FD602GW-DX-R410 v2.2.14 - CSRF

CVE-2025-59572 HIGH

WorkScout-Core < 1.7.06 - Cross-Site Request Forgery

CVE-2025-59568 MEDIUM

Zoho Flow <= 2.14.1 - Cross-Site Request Forgery

Previous Page 35 of 373 Next

Details

Vulnerabilities 9,321

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy