CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,322 vulnerabilities with CWE-352
CVE-2025-32661 HIGH
WP Map Plugins Interactive US Map <2.7 - CSRF
CVSS 7.1
CVE-2025-32659 HIGH
FraudLabs Pro for WooCommerce <2.22.7 - CSRF
CVSS 7.1
CVE-2025-32645 HIGH
Hiren Patel Custom Posts Order <4.4 - CSRF
CVSS 7.1
CVE-2025-32644 HIGH
IP2Location World Clock <1.1.9 - CSRF
CVSS 7.1
CVE-2025-32642 CRITICAL
Vite Coupon <= 1.0.9 - Cross-Site Request Forgery to Remote Code Execution
CVSS 10.0
CVE-2025-32641 CRITICAL
Anant Addons for Elementor <1.1.5 - CSRF
CVSS 9.6
CVE-2025-32623 HIGH
Plainware PlainInventory <3.1.9 - CSRF
CVSS 7.1
CVE-2025-32621 HIGH
Vsourz Digital WP Map Route Planner - CSRF
CVSS 7.1
CVE-2025-32619 HIGH
KeyCAPTCHA <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32617 HIGH
Ydesignservices Multiple Location Google Map - XSS
CVSS 7.1
CVE-2025-32616 HIGH
Nimbata Call Tracking <= 1.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32612 HIGH
Rafasashi User Session Synchronizer <1.4.0 - CSRF
CVSS 7.1
CVE-2025-32610 HIGH
Foliopress WYSIWYG <= 2.6.18 - Cross-Site Request Forgery
CVSS 7.1
CVE-2025-32597 HIGH
George Sexton WordPress Events Calendar Plugin - connectDaily <1.4....
CVSS 7.1
CVE-2025-32591 HIGH
Kevon Adonis WP Abstracts <2.7.4 - CSRF
CVSS 7.1
CVE-2025-32584 HIGH
Chat2 <= 4.0 - Cross-Site Request Forgery
CVSS 7.1
CVE-2025-32576 CRITICAL
Agence web Eoxia - Montpellier WP shop <2.6.0 - CSRF
CVSS 9.6
CVE-2025-32575 HIGH
WP w3all phpBB <= 2.9.9 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
CVSS 7.1
CVE-2025-32563 HIGH
WP Calais Auto Tagger <= 2.0 - Cross-Site Request Forgery
CVSS 7.1
CVE-2025-32559 HIGH
REVE Chat <= 6.4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32556 HIGH
Simple Post Meta Manager <1.0.9 - CSRF/XSS
CVSS 7.1
CVE-2025-32555 HIGH
SEO, Nutrition and Print for Recipes by Edamam <= 3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32547 HIGH
gtlwpdev All push notification for WP <1.5.3 - CSRF
CVSS 8.2
CVE-2025-32518 HIGH
ALD Login Page <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-32505 HIGH
SCAND MultiMailer -n/a-1.0.3 - CSRF
CVSS 7.1
Details
Vulnerabilities 9,322
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits