CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352
CVE-2025-9882 MEDIUM
osTicket WP Bridge <= 1.9.2 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.1
CVE-2025-9949 MEDIUM
WordPress Internal Links Manager <3.0.1 - CSRF
CVSS 4.3
CVE-2025-43809 MEDIUM
Liferay Portal 7.4.0-7.4.3.111 and Liferay DXP < 2023.Q4.8 - Cross-Site Request Forgery via License Registration
CVSS 4.3
CVE-2025-50255 HIGH
Smartvista BackOffice SmartVista Suite 2.2.22 - CSRF
CVSS 7.8
CVE-2025-54390 MEDIUM
Zimbra Collaboration - Cross-Site Request Forgery in ResetPasswordRequest Operation
CVSS 6.3
CVE-2025-10188 MEDIUM
The Hack Repair Guy's Plugin Archiver <2.0.4 - CSRF
CVSS 5.4
CVE-2025-9891 MEDIUM
User Sync < 1.0.2 - Cross-Site Request Forgery via mo_user_sync_form_handler()
CVSS 4.3
CVE-2025-9629 MEDIUM
USS Upyun < 1.5.0 - Cross-Site Request Forgery via uss_setting_page Function
CVSS 4.3
CVE-2025-56710 HIGH
PHPGurukul Student-Result-Management-System-Using-PHP-V2.0 - Cross-Site Request Forgery via Profile Page
CVSS 7.3
CVE-2025-9881 MEDIUM
WordPress Ultimate Blogroll <2.5.2 - CSRF
CVSS 6.1
CVE-2025-9880 MEDIUM
Side Slide Responsive Menu <1.0 - CSRF
CVSS 6.1
CVE-2025-9635 MEDIUM
WordPress Analytics Reduce Bounce Rate <2.3 - CSRF
CVSS 4.3
CVE-2025-9634 MEDIUM
WordPress Plugin updates blocker <0.2 - CSRF
CVSS 4.3
CVE-2025-9633 MEDIUM
LH Signing <= 2.83 - Cross-Site Request Forgery via Plugin Options Function
CVSS 4.3
CVE-2025-9632 MEDIUM
PhpList Subber <= 1.1 - Cross-Site Request Forgery via Bulk Action Handler
CVSS 4.3
CVE-2025-9631 MEDIUM
AutoCatSet <= 2.1.4 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2025-9628 MEDIUM
The integration of the AMO.CRM < 1.0.1 - Unauthenticated Cross-Site Request Forgery via Settings Page
CVSS 4.3
CVE-2025-9627 MEDIUM
Run Log <= 1.7.10 - Cross-Site Request Forgery via oirl_plugin_options Function
CVSS 4.3
CVE-2025-9623 MEDIUM
Admin in English with Switch plugin for WordPress - XSS
CVSS 4.3
CVE-2025-9620 MEDIUM
Seo Monster <= 3.3.3 - Cross-Site Request Forgery via check_integration() Function
CVSS 6.1
CVE-2025-9617 MEDIUM
Publish approval < 1.1 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 5.3
CVE-2025-8481 MEDIUM
Blog Designer For Elementor - Post Slider, Post Carousel, Post Grid...
CVSS 4.3
CVE-2025-8479 MEDIUM
Zoho Flow < 2.14.1 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 4.3
CVE-2025-9888 MEDIUM
Maspik - Ultimate Spam Protection <2.5.6 - CSRF
CVSS 4.3
CVE-2025-9622 MEDIUM
WP Blast | SEO & Performance Booster <1.8.6 - CSRF
CVSS 4.3
Details
Vulnerabilities 9,321
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits