CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,302 vulnerabilities with CWE-352
CVE-2026-1924 MEDIUM
Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset
CVSS 4.3
CVE-2026-5918 MEDIUM
Google Chrome <147.0.7727.55 - Info Disclosure
CVSS 4.3
CVE-2026-34721 MEDIUM
Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints
CVSS 6.5
CVE-2026-0811 MEDIUM
Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion
CVSS 5.4
CVE-2026-1673 MEDIUM
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion
CVSS 4.3
CVE-2026-1672 MEDIUM
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification
CVSS 6.5
CVE-2026-39710 MEDIUM
WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 5.4
CVE-2026-39671 HIGH
WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 7.1
CVE-2026-39641 MEDIUM
WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 6.5
CVE-2026-39640 CRITICAL
WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability
CVSS 9.6
CVE-2026-39635 MEDIUM
WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 5.4
CVE-2026-39634 MEDIUM
WordPress Grand Portfolio theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 5.4
CVE-2026-39633 MEDIUM
WordPress Grand Car Rental theme <= 3.6.9 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 6.5
CVE-2026-39632 MEDIUM
WordPress Grand Blog theme <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 6.5
CVE-2026-39621 HIGH
WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability
CVSS 8.8
CVE-2026-39620 CRITICAL
WordPress Appointment theme <= 3.5.5 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability
CVSS 9.6
CVE-2026-39619 CRITICAL
WordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability
CVSS 9.6
CVE-2026-39618 MEDIUM
WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 4.3
CVE-2026-39617 CRITICAL
WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability
CVSS 9.6
CVE-2026-39603 MEDIUM
WordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 5.4
CVE-2026-4141 MEDIUM
Quran Translations <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form
CVSS 4.3
CVE-2026-3499 HIGH
Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce 13.4.6 - 13.5.2.1 - Cross-Site Request Forgery to Multiple Administrative Actions
CVSS 8.8
CVE-2026-4401 MEDIUM
Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling
CVSS 5.4
CVE-2026-39371 HIGH
RedwoodSDK <1.0.6 Server Function Dispatch - Cross-Site Request Forgery
CVSS 8.1
CVE-2026-34904 HIGH
WordPress Simple Social Media Share Buttons plugin <= 6.2.0 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 7.5