CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,322 vulnerabilities with CWE-352
CVE-2025-20322 MEDIUM
Splunk <9.4.3, 9.3.5, 9.2.7, 9.1.10 - CSRF/DoS
CVSS 4.3
CVE-2025-20321 MEDIUM
Splunk <9.4.3, 9.3.5, 9.2.7, 9.1.10 - CSRF
CVSS 6.5
CVE-2025-7133 MEDIUM
CodeAstro Online Movie Ticket Booking System 1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-7078 MEDIUM
07flycms and 07FlyCRM < 1.3.9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-53483 HIGH
Mediawiki - SecurePoll <1.39.13-1.42.7-1.43.2 - CSRF
CVSS 8.8
CVE-2025-53569 MEDIUM
Trust Payments Gateway for WooCommerce - CSRF
CVSS 4.3
CVE-2025-53568 MEDIUM
Tony Zeoli Radio Station <2.5.12 - CSRF
CVSS 4.3
CVE-2025-23972 MEDIUM
Contact Form 7 reCAPTCHA <1.2.0 - CSRF
CVSS 4.3
CVE-2025-6041 MEDIUM
WordPress yContributors <0.5 - CSRF
CVSS 6.1
CVE-2025-5933 MEDIUM
RD Contacto <= 1.4 - Cross-Site Request Forgery via rdWappUpdateData() Function
CVSS 4.3
CVE-2025-5924 MEDIUM
WP Firebase Push Notification < 1.2.0 - Cross-Site Request Forgery via wfpn_brodcast_notification_message Function
CVSS 4.3
CVE-2025-27454 MEDIUM
meac300-fnade4_firmware < 0.16.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-52841 HIGH
Laundry 2.3.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2025-52463 LOW
Active! mail 6 <= BuildInfo: 6.60.06008562 - Cross-Site Request Forgery
CVSS 3.1
CVE-2025-6459 HIGH
Ads Pro Plugin <= 4.89 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2025-34050 MEDIUM
AVTECH IP cameras, DVR, and NVR devices - Cross-Site Request Forgery
CVE-2025-53095 CRITICAL
lizardbyte/sunshine < 2025.628.4510 - Cross-Site Request Forgery via Command Preparations Feature
CVSS 9.6
CVE-2025-24289 HIGH
UCRM Client Signup Plugin <1.3.4 - CSRF/XSS
CVSS 7.5
CVE-2025-6865 MEDIUM
daicuo < 1.3.13 - Cross-Site Request Forgery via /admin.php/addon/index
CVSS 4.3
CVE-2025-6864 MEDIUM
SeaCMS < 13.2 - Cross-Site Request Forgery in /admin_type.php
CVSS 4.3
CVE-2025-5937 MEDIUM
MicroPayments - Fans Paysite < 3.2.0 - Cross-Site Request Forgery via adminOptions() Function
CVSS 4.3
CVE-2025-50370 MEDIUM
Phpgurukul Medical Card Generation System 1.0 - CSRF
CVSS 6.5
CVE-2025-50369 MEDIUM
PHPGurukul Medical Card Gen Sys 1.0 - CSRF
CVSS 6.5
CVE-2025-53338 HIGH
dor re.place <= 0.2.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-53332 HIGH
ethoseo Track Everything <2.0.1 - CSRF
CVSS 7.1