Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352

CVE-2026-4121 MEDIUM

Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update

CVE-2026-4118 MEDIUM

Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update

CVE-2026-4090 MEDIUM

Inquiry cart <= 3.4.2 - Cross-Site Request Forgery via Settings Form

CVE-2026-40929 MEDIUM

WWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators

CVE-2026-40928 MEDIUM

AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion

CVE-2026-40926 HIGH

WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

CVE-2026-40925 HIGH

WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials

CVE-2026-40883 HIGH

goshs: CSRF in state-changing GET routes enables authenticated file deletion and directory creation

CVE-2026-41194 MEDIUM

FreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFable

CVE-2026-31014 MEDIUM

Dovestones Softwares AD Self Update <4.0.0.5 - CSRF

CVE-2026-6777 MEDIUM

Mozilla Firefox and Thunderbird 150 - DNS Component Input Validation Issue

CVE-2026-6755 MEDIUM

Mitigation bypass in the DOM: postMessage component

CVE-2026-6589 MEDIUM

ComfyUI server.py create_origin_only_middleware cross-site request forgery

CVE-2026-40948 MEDIUM

Apache Airflow: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager

CVE-2026-40581 HIGH

ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion

CVE-2026-40458 MEDIUM

Cross-Site Request Forgery in PAC4J

CVE-2026-6451 MEDIUM

CMS für Motorrad Werkstätten <= 1.0.0 - Cross-Site Request Forgery

CVE-2026-1852 MEDIUM

Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion

CVE-2026-40764 HIGH

WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) vulnerability

CVE-2026-28741 MEDIUM

CSRF Protection Bypass Allows Updating a User's Authentication Method

CVE-2026-4091 MEDIUM

OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery

CVE-2026-4002 MEDIUM

Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action

CVE-2026-6293 MEDIUM

Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter

CVE-2026-40041 MEDIUM

Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints

CVE-2026-6109 MEDIUM

FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery

Previous Page 8 of 373 Next

Details

Vulnerabilities 9,302

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy