Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,322 vulnerabilities with CWE-352

CVE-2025-39546 MEDIUM

quomodosoft ElementsReady Addons for Elementor <6.6.2 - CSRF

CVE-2025-39544 HIGH

WP Tools <= 5.18 - Cross-Site Request Forgery to Arbitrary File Deletion

CVE-2025-39530 HIGH

Site Search 360 <= 2.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-39517 MEDIUM

WP Map Plugins Basic Interactive World Map <2.7 - CSRF

CVE-2025-39512 MEDIUM

Yuya Hoshino Bulk Term Editor - CSRF

CVE-2025-3687 MEDIUM

misstt123 oasys 1.0 - Cross-Site Request Forgery in Sticky Notes Handler

CVE-2025-30967 CRITICAL

WPJobBoard < 5.11.1 - Cross-Site Request Forgery to Remote Code Execution

CVE-2025-26903 MEDIUM

RealMag777 InPost Gallery <2.1.4.3 - CSRF

CVE-2025-26748 HIGH

Arkhe <= 3.12.0 - Cross-Site Request Forgery to Local File Inclusion

CVE-2025-21576 MEDIUM

Oracle Commerce Platform 11.3.0-11.3.2 - Cross-Site Request Forgery in Dynamo Personalization Server

CVE-2025-24358 MEDIUM

gorilla/csrf < 1.7.2 - Cross-Site Request Forgery via Origin Header Validation Bypass

CVE-2025-30965 MEDIUM

WPJobBoard < 5.11.1 - Cross-Site Request Forgery

CVE-2025-27009 HIGH

wphocus My auctions allegro <3.6.20 - CSRF

CVE-2025-3561 MEDIUM

ghostxbh uzy-ssm-mall 1.0.0 - Cross-Site Request Forgery

CVE-2025-3557 MEDIUM

ScriptAndTools eCommerce-website-in-PHP 3.0 - Cross-Site Request Forgery

CVE-2025-2871 MEDIUM

WordPress Mega Menu - QuadMenu <3.2.0 - CSRF

CVE-2025-32282 MEDIUM

ShareThis Dashboard for Google Analytics <= 3.2.3 - Cross-Site Request Forgery

CVE-2025-26902 MEDIUM

Brizy Pro < 2.6.1 - Cross-Site Request Forgery

CVE-2025-3131 MEDIUM

Drupal ECA < 1.1.12, 2.0.0-2.0.15, 2.1.0-2.1.6 - Cross-Site Request Forgery

CVE-2025-32679 MEDIUM

ZealousWeb User Registration Using Contact Form 7 - CSRF

CVE-2025-32678 MEDIUM

WP Show Stats <= 1.5 - Cross-Site Request Forgery

CVE-2025-32673 HIGH

Epeken All Kurir <= 2.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-32669 HIGH

Mergado Pack <= 4.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-32667 HIGH

fromdoppler Doppler Forms <2.4.5 - CSRF

CVE-2025-32664 HIGH

Nepali Date Utilities <1.0.13 - CSRF

Previous Page 61 of 373 Next

Details

Vulnerabilities 9,322

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy