Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-352

CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,347 vulnerabilities with CWE-352

CVE-2024-56310 HIGH

REDCap < 14.9.6 - Cross-Site Request Forgery via Project Dashboards Name

CVE-2024-12771 HIGH

WordPress eCommerce Product Catalog Plugin <3.3.43 - CSRF

CVE-2024-11607 MEDIUM

GTPayment Donations < 1.0.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2024-37758 HIGH

Digiteam v4.21.0.0 - Privilege Escalation

CVE-2024-11812 MEDIUM

Wtyczka SeoPilot dla WP <3.3.091 - CSRF

CVE-2024-44293 MEDIUM

macOS < 15.1 - Unprotected User Data Exposure via Log Entry

CVE-2024-56116 HIGH

amiro.cms < 7.8.4 - Cross-Site Request Forgery

CVE-2024-56140 MEDIUM

Astro < 4.16.17 - Cross-Site Request Forgery Bypass via Semicolon-Delimited Content-Type

CVE-2024-55089 MEDIUM

rhymix < 2.1.24 - Server-Side Request Forgery via XML External Entity Injection

CVE-2024-55088 HIGH

GetSimple CMS CE 3.3.19 - Server-Side Request Forgery in Backend Plugin Module

CVE-2024-12554 MEDIUM

Peter's Custom Anti-Spam <3.2.3 - CSRF

CVE-2024-12454 MEDIUM

Affiliate Program Suite - SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery

CVE-2024-10892 MEDIUM

Cost Calculator Builder < 3.2.43 - Cross-Site Request Forgery in AJAX Actions

CVE-2024-12293 HIGH

WordPress User Role Editor <4.64.3 - CSRF

CVE-2024-12220 MEDIUM

SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery via Missing Nonce Validation

CVE-2024-12219 MEDIUM

WordPress Stop Registration Spam <1.23 - CSRF

CVE-2024-56017 HIGH

Tom Royal Stop Registration Spam <1.23 - CSRF

CVE-2024-37774 HIGH

Sunbird DCIM dcTrack 9.1.2 - Authenticated Privilege Escalation via Cross-Site Request Forgery

CVE-2024-54357 MEDIUM

ThemeFusion Avada <= 7.11.10 - Cross-Site Request Forgery

CVE-2024-56015 HIGH

Tidy Up < 1.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

CVE-2024-56012 CRITICAL

Pearlbells Flash News/Post <4.1 - CSRF, Privilege Escalation

CVE-2024-56005 MEDIUM

Posti Posti Shipping <3.10.3 - CSRF

CVE-2024-54440 HIGH

WP-Ban-User <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2024-54439 HIGH

Amazon Product Price <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2024-54438 HIGH

Gaxx Keywords <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Previous Page 98 of 374 Next

Details

Vulnerabilities 9,347

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy