CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,322 vulnerabilities with CWE-352
CVE-2025-46514 HIGH
Milat jQuery Automatic Popup <1.3.1 - CSRF
CVSS 7.1
CVE-2025-46513 MEDIUM
Codebangers All in One Time Clock Lite - CSRF
CVSS 4.3
CVE-2025-46512 HIGH
Shamim Hasan Custom Functions Plugin - CSRF
CVSS 7.1
CVE-2025-46510 HIGH
Contact Form 7 Calendar <3.0.1 - CSRF
CVSS 7.1
CVE-2025-46508 HIGH
kasonzhao Advanced lazy load <1.6.0 - CSRF/XSS
CVSS 7.1
CVE-2025-46507 HIGH
ldrumm Unsafe Mimetypes <0.1.4 - CSRF
CVSS 7.1
CVE-2025-46506 HIGH
WpZon - Amazon Affiliate Plugin <= 1.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-46504 HIGH
Vasaio QR Code <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-46498 MEDIUM
Zalo Official Live Chat <1.0.0 - CSRF
CVSS 5.4
CVE-2025-46497 HIGH
Navegg Navegg Analytics <3.3.3 - CSRF
CVSS 7.1
CVE-2025-46495 MEDIUM
Drop Caps <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-46492 HIGH
Pham Thanh Call Now PHT Blog <2.4.1 - CSRF
CVSS 7.1
CVE-2025-46466 HIGH
FelixTZ Modern Polls <1.0.10 - XSS
CVSS 7.1
CVE-2025-46465 HIGH
Print Science Designer - Stored XSS
CVSS 7.1
CVE-2025-46462 MEDIUM
WPVN <= 0.7.8 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-46457 HIGH
Wp Custom CMS Block <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-46452 HIGH
Olav Kolbu Google News <2.5.1 - CSRF
CVSS 7.1
CVE-2025-46450 HIGH
occupancyplan <= 1.0.3.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-46442 HIGH
Casey Johnson Loan Calculator <1.3 - CSRF
CVSS 7.1
CVE-2025-46439 HIGH
Vladimir Prelovac Plugin Central <2.5.1 - CSRF/Path Traversal
CVSS 7.4
CVE-2025-46436 MEDIUM
SCSS-Library <= 0.4.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-46435 HIGH
Yash Binani Time Based Greeting <2.2.2 - CSRF
CVSS 7.1
CVE-2025-39381 HIGH
KiotViet Sync <= 1.8.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-3907 MEDIUM
Drupal Search API Solr <4.3.9 - CSRF
CVSS 4.3
CVE-2025-31328 MEDIUM
SAP S/4 HANA Learning Solution - Cross-Site Request Forgery via GET-based OData Function
CVSS 4.6
Details
Vulnerabilities 9,322
Exploit Likelihood Medium