Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352

CVE-2025-48362 MEDIUM

Hesabfa Accounting <= 2.2.5 - Cross-Site Request Forgery

CVE-2025-48359 HIGH

ATT YouTube Widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-48357 MEDIUM

Century ToolKit <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation

CVE-2025-48353 HIGH

dactum Clickbank WordPress Plugin - CSRF

CVE-2025-48351 HIGH

PluginsPoint Kento Splash Screen -<1.4 - XSS

CVE-2025-48343 HIGH

WPMU Ldap Authentication <= 5.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-48325 HIGH

WP Admin Theme <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-48321 HIGH

dyiosah Ultimate Twitter Profile Widget - CSRF

CVE-2025-48320 HIGH

CuckooHello <1.0.6 - CSRF

CVE-2025-48318 MEDIUM

Duoshuo 1.2 - CSRF

CVE-2025-48311 HIGH

OffClicks Invisible Optin -<1.0 - CSRF

CVE-2025-48310 MEDIUM

Table Editor <= 1.6.4 - Cross-Site Request Forgery

CVE-2025-48309 HIGH

BetPress <= 1.0.1 Lite - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-48308 HIGH

Newsletter subscription optin <1.2.9 - XSS

CVE-2025-48307 HIGH

kasonzhao SEO For Images <1.0.0 - CSRF

CVE-2025-48306 HIGH

Savyour Affiliate Partner <2.1.4 - CSRF

CVE-2025-48304 HIGH

Gary Illyes Google XML News Sitemap <0.02 - CSRF

CVE-2025-48109 HIGH

Xavier Media XM-Backup <0.9.1 - CSRF

CVE-2025-54541 MEDIUM

QuickCMS 6.8 - Cross-Site Request Forgery in Page Deletion

CVE-2025-7812 HIGH

Video Share VOD - WordPress <2.7.6 - CSRF

CVE-2025-58217 HIGH

GeroNikolov Instant Breaking News - XSS

CVE-2025-58202 MEDIUM

Simple Page Access Restriction <1.0.32 - CSRF

CVE-2025-54598 MEDIUM

Bevy Event Service < 2025-06-24 - Cross-Site Request Forgery via Notifications Delete Endpoint

CVE-2025-49040 MEDIUM

Backup Bolt <= 1.5.0 - Cross-Site Request Forgery

CVE-2025-48303 MEDIUM

Post Type Converter <= 0.6 - Cross-Site Request Forgery

Previous Page 41 of 373 Next

Details

Vulnerabilities 9,321

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy