CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,852 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 119 of 178
- CVE-2024-35772MEDIUMCVSS 4.3EG 4.32024-06-21
Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through 3.7.24.
- CVE-2024-35773HIGHCVSS 7.1EG 7.12024-07-12
Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS).This issue affects Comment Reply Email: from n/a through 1.3.
- CVE-2024-3582MEDIUMCVSS 4.8EG 4.82024-05-14
The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
- CVE-2024-3590MEDIUMCVSS 6.1EG 6.12024-05-14
The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers
- CVE-2024-3593HIGHCVSS 7.2EG 7.22024-06-22
The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_set…
- CVE-2024-36076HIGHCVSS 8.8EG 8.82024-05-19
Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same…
- CVE-2024-36255MEDIUMCVSS 5.7EG 5.72024-05-26
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a dec…
- CVE-2024-3629LOWCVSS 2.4EG 2.42024-05-15
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
- CVE-2024-3631MEDIUMCVSS 4.3EG 4.32024-05-15
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack
- CVE-2024-3632MEDIUMCVSS 6.8EG 6.82024-07-13
The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
- CVE-2024-3642MEDIUMCVSS 6.9EG 6.92024-05-16
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack
- CVE-2024-3643HIGHCVSS 8.8EG 8.82024-05-16
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
- CVE-2024-36452LOWCVSS 3.1EG 3.12024-07-10
Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a resul…
- CVE-2024-36547HIGHCVSS 8.8EG 8.82024-06-04
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add
- CVE-2024-36548HIGHCVSS 8.8EG 8.82024-06-04
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del
- CVE-2024-36549HIGHCVSS 8.8EG 8.82024-06-04
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close
- CVE-2024-36550HIGHCVSS 8.8EG 8.82024-06-04
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close
- CVE-2024-36667HIGHCVSS 8.8EG 8.82024-06-05
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close
- CVE-2024-36668HIGHCVSS 8.8EG 8.82024-06-05
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del
- CVE-2024-36669HIGHCVSS 8.8EG 8.82024-06-05
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add.
- CVE-2024-36670HIGHCVSS 8.8EG 8.82024-06-05
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del
- CVE-2024-37093MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through <= 3.2.1.
- CVE-2024-37102MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vilva vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through <= 1.2.2.
- CVE-2024-37103MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Education Zone education-zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through <= 1.3.4.
- CVE-2024-37104MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Chic Lite chic-lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through <= 1.1.3.
- CVE-2024-37118MEDIUMCVSS 5.4EG 5.42024-06-21
Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3.
- CVE-2024-37198MEDIUMCVSS 4.3EG 4.32024-06-21
Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through 1.1.5.
- CVE-2024-37212HIGHCVSS 8.3EG 8.32024-06-21
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
- CVE-2024-37213HIGHCVSS 7.1EG 7.12024-07-12
Cross-Site Request Forgery (CSRF) vulnerability in guru-aliexpress AliNext ali2woo-lite allows Cross Site Request Forgery.This issue affects AliNext: from n/a through <= 3.4.6.
- CVE-2024-37227MEDIUMCVSS 4.3EG 4.32024-06-21
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.
- CVE-2024-37230MEDIUMCVSS 4.3EG 4.32024-06-21
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3.
- CVE-2024-37235MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Tobey Groundhogg groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through <= 3.4.2.3.
- CVE-2024-37236MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Tim W Loco Translate loco-translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through <= 2.6.9.
- CVE-2024-37237MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in fs-code FS Poster fs-poster allows Cross Site Request Forgery.This issue affects FS Poster: from n/a through <= 6.5.8.
- CVE-2024-37238MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery.This issue affects WPAdverts: from n/a through <= 2.1.2.
- CVE-2024-37240MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage falang allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through <= 1.3.51.
- CVE-2024-37241MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.
- CVE-2024-37242MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through <= 2.13.2.
- CVE-2024-37243MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vandana Lite vandana-lite allows Cross Site Request Forgery.This issue affects Vandana Lite: from n/a through <= 1.1.9.
- CVE-2024-37251MEDIUMCVSS 4.3EG 4.32024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.
- CVE-2024-37272MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in wptravelengine Travel Monster travel-monster allows Cross Site Request Forgery.This issue affects Travel Monster: from n/a through <= 1.1.2.
- CVE-2024-37274MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Rui Guerreiro WP Mobile Menu mobile-menu allows Cross Site Request Forgery.This issue affects WP Mobile Menu: from n/a through <= 2.8.4.3.
- CVE-2024-37306HIGHCVSS 7.1EG 7.12024-06-13
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious U…
- CVE-2024-37412MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Blossom Shop blossom-shop allows Cross Site Request Forgery.This issue affects Blossom Shop: from n/a through <= 1.1.7.
- CVE-2024-37413MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.1.
- CVE-2024-37417MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.0.7.
- CVE-2024-37421MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme JobScout jobscout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through <= 1.1.4.
- CVE-2024-37426MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Elegant Pink elegant-pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through <= 1.3.0.
- CVE-2024-37431MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in extendthemes Mesmerize mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through <= 1.6.120.
- CVE-2024-37435MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through <= 1.2.0.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →