Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,337 vulnerabilities with CWE-352

CVE-2025-2042 MEDIUM

huang-yk student-manage 1.0 - Cross-Site Request Forgery

CVE-2025-1383 MEDIUM

Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete()

CVE-2025-27624 MEDIUM

Jenkins < 2.492.2, 2.493-2.499 - Cross-Site Request Forgery

CVE-2025-1463 MEDIUM

WordPress Spreadsheet Integration <3.8.2 - CSRF

CVE-2025-1435 MEDIUM

bbPress <= 2.6.11 - Cross-Site Request Forgery via bbp_user_add_role_on_register()

CVE-2025-0990 MEDIUM

I Am Gloria WordPress <1.1.4 - CSRF

CVE-2025-27664 HIGH

Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Cross-Site Request Forgery

CVE-2025-27402 MEDIUM

Tuleap < 16.3-11 and < 16.4.99.1740414959 - Cross-Site Request Forgery in Tracker Fields Administrative Operations

CVE-2025-1306 HIGH

Newscrunch <= 1.8.4 - Cross-Site Request Forgery via newscrunch_install_and_activate_plugin()

CVE-2025-1891 MEDIUM

shishuocms 1.1 - Cross-Site Request Forgery

CVE-2025-26206 CRITICAL

selldone storefront 1.0 - Cross-Site Request Forgery via index.html

CVE-2025-25967 HIGH

Acora CMS 10.1.1 - Cross-Site Request Forgery

CVE-2025-25137 MEDIUM

NotFound Social Links <1.0.11 - XSS

CVE-2025-25121 HIGH

Theme Options Z <= 1.4 - Cross-Site Request Forgery

CVE-2025-23502 HIGH

NotFound Curated Search <1.2 - CSRF

CVE-2025-23446 HIGH

NotFound WP SpaceContent <0.4.5 - CSRF

CVE-2025-27579 MEDIUM

Bitaxe ESP-Miner < 2.5.0 - Cross-Site Request Forgery via /api/system

CVE-2025-1813 MEDIUM

zframeworks zz < 2024-8 - Cross-Site Request Forgery

CVE-2025-25379 CRITICAL

07flycms 1.3.9 - Cross-Site Request Forgery via del.html id Parameter

CVE-2025-1506 MEDIUM

Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery via counter_access_key_setup()

CVE-2025-0801 MEDIUM

RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery via Settings Wizard

CVE-2025-1687 HIGH

Car Dealer Automotive WordPress Theme <= 1.6.4 - Cross-Site Request Forgery

CVE-2025-1745 MEDIUM

pb-cms 2.0 - Cross-Site Request Forgery in Logout

CVE-2025-26925 MEDIUM

Required Admin Menu Manager <1.0.4 - CSRF

CVE-2025-26963 MEDIUM

ClickWhale < 2.4.3 - Cross-Site Request Forgery to Settings Change

Previous Page 75 of 374 Next

Details

Vulnerabilities 9,337

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy