Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,321 vulnerabilities with CWE-352

CVE-2025-7842 MEDIUM

Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-7841 MEDIUM

Sertifier Certificate & Badge Maker - WordPress - CSRF

CVE-2025-7839 MEDIUM

Restore Permanently delete Post or Page Data <= 1.0 - Cross-Site Request Forgery via rp_dpo_dpa_ajax_dp_delete_data()

CVE-2025-57895 MEDIUM

JobWP <= 2.4.3 - Cross-Site Request Forgery

CVE-2025-57893 MEDIUM

Epsiloncool WP Fast Total Search - CSRF

CVE-2025-57892 MEDIUM

Jeff Starr Simple Statistics for Feeds <20250322 - CSRF

CVE-2025-57885 MEDIUM

Shahjahan Jewel Fluent Support <1.9.1 - CSRF

CVE-2025-55744 MEDIUM

UnoPim < 0.2.1 - Cross-Site Request Forgery

CVE-2025-8592 HIGH

Inspiro < 2.1.2 - Cross-Site Request Forgery via inspiro_install_plugin() Function

CVE-2025-50902 HIGH

old-peanut Open-Shop < 1.0.0 - Cross-Site Request Forgery via Crafted HTTP Post Message

CVE-2025-43748 MEDIUM

Liferay Portal 7.0.0-7.4.3.119 and Liferay DXP 2024.Q1.1-2024.Q1.6 - Cross-Site Request Forgery

CVE-2025-54174 MEDIUM

QuickCMS 6.8 - Cross-Site Request Forgery in Article Creation

CVE-2025-8102 MEDIUM

Easy Digital Downloads <3.5.0 - CSRF

CVE-2025-54052 HIGH

Realtyna Organic IDX plugin <= 5.0.0 - Cross-Site Request Forgery and PHP Local File Inclusion

CVE-2025-49896 MEDIUM

WP Discord Post Plus - Supports Unlimited Channels <= 1.0.2 - Cross-Site Request Forgery

CVE-2025-49399 HIGH

Basix NEX-Forms <= 9.1.3 - Cross-Site Request Forgery

CVE-2025-49391 MEDIUM

Fetch Designs Sign-up Sheets <2.3.3 - CSRF

CVE-2025-49382 HIGH

DexignZone JobZilla - Job Board WP Theme <2.0 - CSRF/PrivEsc

CVE-2025-49381 CRITICAL

ads.txt Guru Connect <= 1.1.1 - Cross-Site Request Forgery

CVE-2025-43745 MEDIUM

Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.19 - Cross-Site Request Forgery via Endpoint Parameter

CVE-2025-7686 MEDIUM

weichuncai(WP) <= 1.5 - Cross-Site Request Forgery via sm-options.php

CVE-2025-7684 MEDIUM

Last.fm Recent Album Artwork 1.0.2 - CSRF

CVE-2025-7683 MEDIUM

LatestCheckins <= 1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-7668 MEDIUM

Linux Promotional Plugin <1.4 - CSRF

CVE-2025-49895 MEDIUM

ServerBuddy by PluginBuddy.com < 1.0.5 - Cross-Site Request Forgery to PHP Object Injection

Previous Page 42 of 373 Next

Details

Vulnerabilities 9,321

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy