Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,322 vulnerabilities with CWE-352

CVE-2025-4327 MEDIUM

MRCMS 3.1.2 - Cross-Site Request Forgery

CVE-2025-4337 MEDIUM

AHAthat Plugin <= 1.6 - Cross-Site Request Forgery via aha_plugin_page() Function

CVE-2025-4282 MEDIUM

SourceCodester/oretnom23 Stock Management System 1.0 - CSRF

CVE-2025-28062 HIGH

ERPNEXT 14.82.1 and 14.74.3 - Cross-Site Request Forgery

CVE-2025-4199 MEDIUM

Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-4198 MEDIUM

Alink Tap <= 1.3.1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-4188 MEDIUM

WordPress Advanced Reorder Image Text Slider <1.0 - CSRF

CVE-2025-2168 MEDIUM

Ultimate Store Kit < 2.4.1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2025-1305 HIGH

NewsBlogger < 0.2.5.4 - Cross-Site Request Forgery via newsblogger_install_and_activate_plugin()

CVE-2025-32354 HIGH

Zimbra Collaboration Suite 9.0-10.1 - Cross-Site Request Forgery via GraphQL Endpoint

CVE-2025-4088 MEDIUM

Firefox and Thunderbird < 138.0 - Cross-Site Request Forgery via Storage Access API Redirect

CVE-2025-3997 MEDIUM

dazhouda lecms 3.0.3 - Cross-Site Request Forgery via Personal Information Page

CVE-2025-3979 MEDIUM

lecms 3.0.3 - Cross-Site Request Forgery in Password Change Handler

CVE-2025-3964 MEDIUM

withstars Books-Management-System 1.0 - CSRF

CVE-2025-3959 MEDIUM

withstars Books-Management-System 1.0 - CSRF

CVE-2025-2907 CRITICAL

Order Delivery Date Pro for WooCommerce < 12.3.1 - Arbitrary Option Update

CVE-2025-3638 HIGH

Moodle < 4.1.18 - Cross-Site Request Forgery in Brickfield Tool Analysis Request

CVE-2025-3635 LOW

Moodle < 4.1.18 - Unauthenticated Cross-Site Request Forgery

CVE-2025-46547 MEDIUM

Sherpa Orchestrator 141851 - Cross-Site Request Forgery

CVE-2025-46530 HIGH

HuangYe WuDeng Hacklog Remote Attachment <1.3.2 - CSRF

CVE-2025-46528 HIGH

Steve Availability Calendar <0.2.4 - CSRF

CVE-2025-46524 HIGH

stesvis WP Filter Post Category <2.1.4 - CSRF

CVE-2025-46522 HIGH

Billy Bryant Tabs <= 4.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-46520 HIGH

alphasis Related Posts <1.0.1 - CSRF/XSS

CVE-2025-46516 HIGH

silencecm Twitter Card Generator <1.0.5 - CSRF

Previous Page 57 of 373 Next

Details

Vulnerabilities 9,322

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy