Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,344 vulnerabilities with CWE-352

CVE-2024-13560 MEDIUM

PayPal WordPress Plugin <1.1.6 - CSRF

CVE-2024-13494 MEDIUM

WordPress File Upload <4.25.2 - CSRF

CVE-2024-13883 MEDIUM

WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery via save_custom_css_request

CVE-2024-7141 MEDIUM

Gliffy Online < 4.14.0-7 - Cross-Site Request Forgery

CVE-2024-49779 MEDIUM

IBM OpenPages with Watson 8.3-9.0 - Auth Bypass

CVE-2024-13753 HIGH

Ultimate Classified Listings <= 1.5 - Cross-Site Request Forgery via Update Profile Function

CVE-2024-13339 MEDIUM

DeBounce Email Validator <5.6.6 - CSRF

CVE-2024-13336 MEDIUM

Disable Auto Updates < 1.4 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-13405 MEDIUM

Apptivo Business Site CRM <5.3 - CSRF

CVE-2024-13718 MEDIUM

Flexible Wishlist for WooCommerce < 1.2.27 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-13795 MEDIUM

Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery via ecwid_deactivate_feedback()

CVE-2024-13523 MEDIUM

MemorialDay WordPress <1.0.4 - CSRF

CVE-2024-13438 MEDIUM

SpeedSize Image & Video AI-Optimizer <1.5.2 - CSRF

CVE-2024-13315 HIGH

Shopwarden <= 1.0.11 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-13852 HIGH

Option Editor < 1.0 - Cross-Site Request Forgery via plugin_page() Function

CVE-2024-13684 HIGH

Reset < 1.6 - Cross-Site Request Forgery via reset_db_page() Function

CVE-2024-13555 MEDIUM

1 Click WordPress Migration Plugin < 2.2 - Cross-Site Request Forgery via cancel_actions() Function

CVE-2024-13522 MEDIUM

WordPress magayo Lottery Results <2.0.12 - CSRF

CVE-2024-10581 MEDIUM

DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery via dpfl_listingStatusChange()

CVE-2024-12386 HIGH

WP Abstracts <= 2.7.3 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-13437 MEDIUM

Book a Room < 2.9 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-9661 MEDIUM

WP All Import Pro <= 4.9.7 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-57523 MEDIUM

SourceCodester Packers and Movers Management System 1.0 - Cross-Site Request Forgery in Users.php

CVE-2024-57429 MEDIUM

PHPJabbers Cinema Booking System 2.0 - Cross-Site Request Forgery in pjActionUpdate

CVE-2024-49795 MEDIUM

IBM ApplinX 11.1 - Cross-Site Request Forgery

Previous Page 91 of 374 Next

Details

Vulnerabilities 9,344

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy