Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,337 vulnerabilities with CWE-352

CVE-2025-24698 MEDIUM

Essential Real Estate <= 5.1.8 - Cross-Site Request Forgery

CVE-2025-24696 MEDIUM

WP Attire Attire Blocks <1.9.7 - CSRF

CVE-2025-24647 MEDIUM

datafeedr.com WooCommerce Cloak Affiliate Links - CSRF

CVE-2025-24636 HIGH

MachForm Shortcode <1.4.1 - CSRF/XSS

CVE-2025-24623 MEDIUM

Really Simple Security Really Simple SSL <9.1.4 - CSRF

CVE-2025-24622 MEDIUM

PickPlugins Job Board Manager - CSRF

CVE-2025-24572 MEDIUM

Epsiloncool WP Fast Total Search - CSRF

CVE-2025-24568 MEDIUM

Brainstorm Force Starter Templates <4.4.9 - CSRF

CVE-2025-24562 HIGH

Optimal Access Inc. KBucket <4.1.6 - CSRF

CVE-2025-24561 HIGH

ReviewsTap <= 1.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-24555 HIGH

Subscription DNA <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2025-24546 MEDIUM

RSTheme Ultimate Coming Soon & Maintenance <= 1.0.9 - Cross-Site Request Forgery

CVE-2025-24543 MEDIUM

RSTheme Ultimate Coming Soon & Maintenance <= 1.0.9 - Cross-Site Request Forgery

CVE-2025-22768 HIGH

Qwerty23 Rocket Media Library Mime Type <2.1.0 - CSRF/XSS

CVE-2025-24402 MEDIUM

Jenkins Azure Service Fabric Plugin < 1.6 - Cross-Site Request Forgery

CVE-2025-24398 HIGH

Jenkins Bitbucket Server Integration Plugin 2.1.0-4.1.3 - Cross-Site Request Forgery Protection Bypass

CVE-2025-23806 HIGH

ThemeFarmer Ultimate Subscribe - CSRF

CVE-2025-23803 HIGH

Snippy <= 1.4.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

CVE-2025-21550 MEDIUM

Oracle Financial Services Behavior Detection Platform 8.0.8.1, 8.1.2.7, 8.1.2.8 - Cross-Site Request Forgery

CVE-2025-21538 MEDIUM

Oracle JD Edwards EnterpriseOne Tools < 9.2.9.2 - Unauthenticated Cross-Site Request Forgery

CVE-2025-21528 MEDIUM

Oracle Primavera P6 EPM 20.12.1.0-23.12.10.0 - Unauthenticated CSRF

CVE-2025-21526 MEDIUM

Oracle Primavera P6 EPM 20.12.1.0-23.12.10.0 - Cross-Site Request Forgery

CVE-2025-21513 MEDIUM

Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Unauthenticated Cross-Site Request Forgery

CVE-2025-21507 MEDIUM

Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Cross-Site Request Forgery in Web Runtime SEC

CVE-2025-21489 MEDIUM

Oracle E-Business Suite 12.2.3-12.2.10 - Unauthenticated Cross-Site Request Forgery in Region Mapping

Previous Page 81 of 374 Next

Details

Vulnerabilities 9,337

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy