CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,322 vulnerabilities with CWE-352
CVE-2025-49555 HIGH
Adobe Commerce < 2.4.4 - Cross-Site Request Forgery
CVSS 8.1
CVE-2025-7965 MEDIUM
CBX Restaurant Booking <1.2.1 - CSRF
CVSS 4.3
CVE-2025-8814 MEDIUM
pybbs < 6.0.0 - Cross-Site Request Forgery via CookieUtil setCookie Function
CVSS 4.3
CVE-2025-8739 MEDIUM
zhenfeng13 My-Blog <= 1.0.0 - Cross-Site Request Forgery via /admin/tags/save
CVSS 4.3
CVE-2025-7202 MEDIUM
Elgato Key Light <1.0.3(218) - Cross-Site Request Forgery
CVE-2025-5988 MEDIUM
Red Hat Ansible Automation Platform 2.5 for RHEL 8/9 - Cross-Site Request Forgery in aap-gateway
CVSS 5.3
CVE-2025-8505 MEDIUM
wx-shop <de1b66331368695779cfc6e4d11a64caddf8716e - CSRF
CVSS 4.3
CVE-2025-54782 HIGH
nestjs/devtools-integration < 0.2.1 - Remote Code Execution via Unsafe JavaScript Sandbox
CVSS 8.8
CVE-2025-50847 MEDIUM
CS-Cart 4.18.3 - Cross-Site Request Forgery via Product Comparison List
CVSS 6.5
CVE-2025-8335 MEDIUM
code-projects Simple Car Rental System 1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-54536 MEDIUM
JetBrains TeamCity < 2025.07 - Cross-Site Request Forgery via GraphQL Endpoint
CVSS 5.4
CVE-2025-54529 LOW
JetBrains TeamCity < 2025.07 - Cross-Site Request Forgery in OAuth Login Integration
CVSS 3.7
CVE-2025-54528 MEDIUM
JetBrains TeamCity < 2025.07 - Cross-Site Request Forgery in GitHub App Connection Flow
CVSS 5.4
CVE-2025-8223 MEDIUM
jerryshensjf JPACookieShop - Cross-Site Request Forgery in AdminTypeCustController.java
CVSS 4.3
CVE-2025-8104 MEDIUM
Memory Usage <= 3.98 - Cross-Site Request Forgery via wpmemory_install_plugin()
CVSS 4.3
CVE-2025-8103 MEDIUM
WPeMatico RSS Feed Fetcher <2.8.7 - CSRF
CVSS 4.3
CVE-2025-36728 MEDIUM
Simplehelp < 5.5.11 - Cross-Site Request Forgery
CVSS 6.3
CVE-2025-7835 MEDIUM
iThoughts Advanced Code Editor <1.2.10 - CSRF
CVSS 4.3
CVE-2025-7690 MEDIUM
WordPress Affiliate Plus <1.3.2 - CSRF
CVSS 6.1
CVE-2025-6214 MEDIUM
Omnishop < 1.0.9 - Cross-Site Request Forgery via /users/delete REST Route
CVSS 6.5
CVE-2025-6054 MEDIUM
YANewsflash <= 1.0.3 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 6.1
CVE-2025-7687 MEDIUM
WordPress Latest Post Accordian Slider <1.3 - CSRF
CVSS 6.1
CVE-2025-7685 MEDIUM
Like & Share My Site <= 0.2 - Cross-Site Request Forgery via lsms_admin Page
CVSS 6.1
CVE-2025-7369 MEDIUM
WP Shortcodes Plugin - Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery via Preview Function
CVSS 6.1
CVE-2025-7834 MEDIUM
PHPGurukul Complaint Management System 2.0 - CSRF
CVSS 4.3