CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,337 vulnerabilities with CWE-352
CVE-2025-26549 HIGH
WP Html Page Sitemap <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-26547 HIGH
My Login Logout Plugin <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-26545 HIGH
shisuh Related Posts Line-up-Exactly - CSRF
CVSS 7.1
CVE-2025-26543 HIGH
Pukhraj Suthar Simple Responsive Menu <2.1 - CSRF
CVSS 7.1
CVE-2025-0808 MEDIUM
Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery via Delete Export Action
CVSS 4.3
CVE-2025-24900 HIGH
Concorde < 12.25Q1.1 - Cross-Site Request Forgery via MediaProxy Authentication Bypass
CVSS 8.6
CVE-2025-24897 HIGH
Misskey 12.109.0-2025.2.0 - Cross-Site Request Forgery via Bull Dashboard Authentication Cookies
CVSS 8.2
CVE-2025-24875 MEDIUM
SAP Commerce HY_COM 2205 and COM_CLOUD 2211 - Cross-Site Request Forgery via SameSite=None Cookie Configuration
CVSS 6.8
CVE-2025-25168 HIGH
BookPress - For Book Authors <1.2.7 - XSS
CVSS 7.1
CVE-2025-25166 HIGH
gabrieldarezzo InLocation <1.8 - CSRF
CVSS 7.1
CVE-2025-25160 HIGH
Mark Barnes Style Tweaker <0.11 - CSRF
CVSS 7.1
CVE-2025-25156 HIGH
Stanko Metodiev Quote Comments <2.2.1 - XSS
CVSS 7.1
CVE-2025-25154 HIGH
scweber Custom Comment Notifications <1.0.8 - CSRF/XSS
CVSS 7.1
CVE-2025-25153 HIGH
Simple Auto Tag <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-25152 HIGH
LukaszWiecek Smart DoFollow <1.0.2 - CSRF
CVSS 7.1
CVE-2025-25149 HIGH
Danillo Nunes Login-box <2.0.4 - CSRF
CVSS 7.1
CVE-2025-25148 HIGH
Read More Copy Link <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVSS 7.1
CVE-2025-25147 HIGH
Phillip.Gooch Auto SEO <2.5.6 - CSRF
CVSS 7.1
CVE-2025-25146 MEDIUM
Songkick Concerts & Festivals <0.9.7 - CSRF
CVSS 4.3
CVE-2025-25145 MEDIUM
Infusionsoft Analytics <= 2.0 - Cross-Site Request Forgery
CVSS 5.4
CVE-2025-25143 MEDIUM
GlobalQuran <= 1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2025-25140 HIGH
Scriptonite Simple User Profile <1.9 - CSRF
CVSS 7.1
CVE-2025-25139 HIGH
WP Custom Post RSS Feed <1.0.0 - CSRF/XSS
CVSS 7.1
CVE-2025-25138 HIGH
Rishi On Page SEO + Whatsapp Chat Button - Stored XSS
CVSS 7.1
CVE-2025-25135 HIGH
Victor Barkalov Custom Links On Admin Dashboard Toolbar <3.3 - CSRF
CVSS 7.1
Details
Vulnerabilities 9,337
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits