CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,322 vulnerabilities with CWE-352
CVE-2025-7669 MEDIUM
Avishi WP PayPal Payment Button <2.0 - CSRF
CVSS 6.1
CVE-2025-50586 MEDIUM
daycloud studentmanage v1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2025-6781 MEDIUM
Copymatic - AI Content Writer & Generator <2.1 - CSRF
CVSS 4.3
CVE-2025-6053 MEDIUM
Zuppler Online Ordering <2.1.0 - CSRF
CVSS 6.1
CVE-2025-7756 MEDIUM
code-projects E-Commerce Site 1.0 - CSRF
CVSS 4.3
CVE-2025-54042 MEDIUM
xfinitysoft WP Post Hide <1.0.9 - CSRF
CVSS 4.3
CVE-2025-54041 MEDIUM
WP Swings Wallet System for WooCommerce <2.6.7 - CSRF
CVSS 4.3
CVE-2025-54039 MEDIUM
Toast Plugins Animator <3.0.16 - CSRF
CVSS 4.3
CVE-2025-54038 MEDIUM
MotoPress Restaurant Menu <2.4.6 - CSRF
CVSS 5.4
CVE-2025-54036 MEDIUM
Webba Booking < 5.1.20 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-54035 MEDIUM
Tribulant Software Newsletters <4.10 - CSRF
CVSS 4.3
CVE-2025-54033 MEDIUM
BlocksWP Theme Builder For Elementor <1.2.3 - CSRF
CVSS 6.5
CVE-2025-54030 MEDIUM
WooCommerce Google Sheet Connector <1.3.20 - CSRF
CVSS 4.3
CVE-2025-54022 MEDIUM
RelyWP Coupon Affiliates <6.4.0 - CSRF
CVSS 6.5
CVE-2025-54020 MEDIUM
Erik AntiSpam for Contact Form 7 - CSRF
CVSS 5.4
CVE-2025-54010 CRITICAL
Shahjahan Jewel FluentSnippets <10.50 - CSRF
CVSS 9.6
CVE-2025-48153 HIGH
Atakan Au Import CDN-Remote Images <2.1.2 - CSRF/XSS
CVSS 7.1
CVE-2025-50090 MEDIUM
Oracle E-Business Suite - Personalization - Info Disclosure
CVSS 5.4
CVE-2025-30756 MEDIUM
Oracle REST Data Services 24.2.0 - Unauthenticated Cross-Site Request Forgery
CVSS 6.1
CVE-2025-30746 MEDIUM
Oracle iStore 12.2.3-12.2.14 - Unauthenticated Cross-Site Request Forgery in Shopping Cart
CVSS 6.1
CVE-2025-30745 MEDIUM
Oracle MES for Process Manufacturing 12.2.12-12.2.13 - Unauthenticated Cross-Site Request Forgery in Device Integration
CVSS 6.1
CVE-2025-7667 HIGH
WordPress Restrict File Access <1.1.2 - CSRF
CVSS 8.1
CVE-2025-49462 LOW
Zoom < 6.4.5 - Authenticated Cross-Site Scripting
CVSS 3.5
CVE-2025-7379 MEDIUM
DataSync Center <1.1.0.r207-1.2.0.r206 - Auth Bypass
CVE-2025-53540 HIGH
espressif arduino-esp32 < 3.2.1 - Cross-Site Request Forgery via OTA Update Endpoint