Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,322 vulnerabilities with CWE-352

CVE-2025-44186 MEDIUM

SourceCodester Best Employee Management System 1.0 - Cross-Site Request Forgery in User Update

CVE-2025-47204 MEDIUM

bootstrap-multiselect 1.1.2 - Reflective Cross-Site Scripting via POST Data Echo

CVE-2025-46721 MEDIUM

nosurf < 1.2.0 - Cross-Site Request Forgery Bypass via Referer Header Misuse

CVE-2025-31205 MEDIUM

Safari < 18.5 - Cross-Site Request Forgery

CVE-2025-24223 HIGH

Safari < 18.5 - Memory Corruption via Malicious Web Content

CVE-2025-46743 MEDIUM

SEL Blueframe OS < 1.12.0 - Authenticated Token Reuse After Logout

CVE-2025-46610 HIGH

ARTEC EMA Mail 6.92 - Cross-Site Request Forgery

CVE-2025-4375 MEDIUM

Sparx Systems Pro Cloud Server <6.0.165 - CSRF

CVE-2025-20195 MEDIUM

Cisco IOS XE - Unauthenticated Cross-Site Request Forgery via Web-Based Management Interface

CVE-2025-47685 HIGH

Moloni Contribuinte Checkout <2.0.02 - CSRF

CVE-2025-47684 MEDIUM

Smaily for WP <= 3.1.7 - Cross-Site Request Forgery

CVE-2025-47681 MEDIUM

Ability, Inc Web Accessibility <2.0.9 - CSRF

CVE-2025-47674 MEDIUM

Credova Financial Credova_Financial <= 2.5.0 - Cross-Site Request Forgery

CVE-2025-47667 MEDIUM

LiveAgent <= 4.4.7 - Cross-Site Request Forgery

CVE-2025-47661 MEDIUM

codemstory WordPress SimplePay <5.2.11 - CSRF

CVE-2025-47655 HIGH

theMarketer <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-47648 HIGH

axima Pays - WooCommerce Payment Gateway <2.6 - XSS

CVE-2025-47647 MEDIUM

OTWthemes Sidebar Manager Light - CSRF

CVE-2025-47639 HIGH

Supertext Translation and Proofreading <= 4.26 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-47633 MEDIUM

Awin - Advertiser Tracking for WooCommerce <= 2.0.0 - Cross-Site Request Forgery

CVE-2025-47624 MEDIUM

DoFollow Case by Case <= 3.5.1 - Cross-Site Request Forgery

CVE-2025-47620 HIGH

Martins Free Monetized Ad Exchange Network <1.0.5 - CSRF

CVE-2025-47614 MEDIUM

LessButtons Social Sharing & Stats <1.6.1 - CSRF

CVE-2025-47609 MEDIUM

EasyMe Connect <= 3.0.3 - Cross-Site Request Forgery

CVE-2025-47606 MEDIUM

Simple Giveaways <= 2.49.0 - Cross-Site Request Forgery

Previous Page 55 of 373 Next

Details

Vulnerabilities 9,322

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy