Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,336 vulnerabilities with CWE-352

CVE-2025-28876 MEDIUM

Skrill Official <= 1.0.66 - Cross-Site Request Forgery

CVE-2025-28868 MEDIUM

ZipList Recipe <= 3.1 - Cross-Site Request Forgery

CVE-2025-28867 MEDIUM

stesvis Frontpage category filter <= 1.0.2 - Cross-Site Request Forgery

CVE-2025-28866 MEDIUM

smerriman Login Logger <= 1.2.1 - Cross-Site Request Forgery

CVE-2025-28864 MEDIUM

Builder for Contact Form 7 by Webconstruct <= 1.2.2 - Cross-Site Request Forgery

CVE-2025-28863 MEDIUM

Delete Original Image < 0.4 - Cross-Site Request Forgery

CVE-2025-28862 MEDIUM

Venugopal Comment Date and Gravatar remover <= 1.0 - Cross-Site Request Forgery

CVE-2025-28861 HIGH

bhzad WP jQuery Persian Datepicker <= 0.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-28860 HIGH

Google News Editors Picks Feed Generator <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-28859 MEDIUM

CodeVibrant Maintenance Notice <= 1.0.6 - Cross-Site Request Forgery

CVE-2025-28857 HIGH

rankchecker Rankchecker.io Integration <= 1.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-28856 MEDIUM

w3counter < 4.1 - Cross-Site Request Forgery

CVE-2025-25928 HIGH

OpenMRS 2.4.3 - Cross-Site Request Forgery in User Form Endpoint

CVE-2025-25927 MEDIUM

OpenMRS 2.4.3 Build 0ff0ed - Cross-Site Request Forgery via GET Request

CVE-2025-25748 HIGH

HotelDruid 3.0.7 - Cross-Site Request Forgery in gestione_utenti.php

CVE-2025-27912 HIGH

Datalust Seq < 2024.3.13545 - Cross-Site Request Forgery via Missing Content-Type Validation

CVE-2025-27910 HIGH

tianti v2.3 - Cross-Site Request Forgery via /user/ajax/upd/status

CVE-2025-25907 HIGH

tianti v2.3 - Cross-Site Request Forgery via /user/ajax/save

CVE-2025-26910 HIGH

Iqonic Design WPBookit <= 1.0.1 - Cross-Site Request Forgery

CVE-2025-24387 MEDIUM

OTRS 7.0.0-2025.1.1 - Session Hijacking via Sensitive Cookie with Missing SameSite Attribute

CVE-2025-1926 MEDIUM

Page Builder: Pagelayer < 1.9.8 - Cross-Site Request Forgery via pagelayer_save_post Function

CVE-2025-1382 MEDIUM

Contact Us By Lord Linus < 2.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2025-1362 MEDIUM

URL Shortener | Conversion Tracking | AB Testing | WooCommerce < 9.0.2 - Cross-Site Request Forgery in Bulk Actions

CVE-2025-0748 MEDIUM

Homey < 2.4.3 - Cross-Site Request Forgery via homey_verify_user_manually Function

CVE-2025-2042 MEDIUM

huang-yk student-manage 1.0 - Cross-Site Request Forgery

Previous Page 74 of 374 Next

Details

Vulnerabilities 9,336

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy