CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,853 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 120 of 178
- CVE-2024-37438MEDIUMCVSS 5.4EG 5.42025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1.
- CVE-2024-37441MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through <= 1.0.34.
- CVE-2024-37448MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in famethemes OnePress onepress allows Cross Site Request Forgery.This issue affects OnePress: from n/a through <= 2.3.6.
- CVE-2024-37450MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Benevolent benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through <= 1.3.4.
- CVE-2024-37451MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Travel Agency travel-agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through <= 1.4.9.
- CVE-2024-37452MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery.This issue affects Schema Lite: from n/a through 1.2.2.
- CVE-2024-37458MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in extendthemes Highlight highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through <= 1.0.29.
- CVE-2024-37467MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in themeisle Hestia hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through <= 3.1.2.
- CVE-2024-37469MEDIUMCVSS 5.4EG 5.42025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through <= 2.0.22.
- CVE-2024-37473MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Trendy News trendy-news allows Cross Site Request Forgery.This issue affects Trendy News: from n/a through <= 1.0.15.
- CVE-2024-37478MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in wproyal Ashe ashe allows Cross Site Request Forgery.This issue affects Ashe: from n/a through <= 2.233.
- CVE-2024-37490MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in wproyal Bard bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 2.210.
- CVE-2024-37491MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in apollo13themes Rife Free rife-free allows Cross Site Request Forgery.This issue affects Rife Free: from n/a through <= 2.4.18.
- CVE-2024-37493MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in sonalsinha21 Posterity posterity allows Cross Site Request Forgery.This issue affects Posterity: from n/a through <= 3.3.
- CVE-2024-37503MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through <= 1.2.4.
- CVE-2024-37508MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Construction Landing Page construction-landing-page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n/a through <= 1.3.5.
- CVE-2024-37511MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in swte Swift Performance Lite swift-performance-lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through <= 2.3.6.20.
- CVE-2024-37518MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.5.1.4.
- CVE-2024-37540MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Cross Site Request Forgery.This issue affects Leaky Paywall: from n/a through <= 4.21.2.
- CVE-2024-37543MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Nitesh Ultimate Auction ultimate-auction allows Cross Site Request Forgery.This issue affects Ultimate Auction : from n/a through <= 4.2.5.
- CVE-2024-3756HIGHCVSS 7.5EG 7.52024-05-06
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack
- CVE-2024-37758HIGHCVSS 8.8EG 8.82024-12-20
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges.
- CVE-2024-37774HIGHCVSS 8.0EG 8.02024-12-16
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.
- CVE-2024-3782HIGHCVSS 8.8EG 8.82024-04-15
Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.
- CVE-2024-37923MEDIUMCVSS 5.4EG 5.42024-07-09
Cross-Site Request Forgery (CSRF) vulnerability in cliengo Cliengo – Chatbot cliengo allows Cross Site Request Forgery.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4.
- CVE-2024-37925MEDIUMCVSS 5.4EG 5.42025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61.
- CVE-2024-37931MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery.This issue affects Point: from n/a through 1.1.
- CVE-2024-37937MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Rara Business rara-business allows Cross Site Request Forgery.This issue affects Rara Business: from n/a through <= 1.2.5.
- CVE-2024-37938MEDIUMCVSS 4.3EG 4.32024-07-12
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral.This issue affects SociallyViral: from n/a through 1.0.10.
- CVE-2024-37939MEDIUMCVSS 4.3EG 4.32024-07-12
Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite.This issue affects Patricia Lite: from n/a through 1.2.3.
- CVE-2024-37940HIGHCVSS 7.4EG 7.42024-07-12
Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium).This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13.
- CVE-2024-37941MEDIUMCVSS 4.3EG 4.32024-07-12
Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3.
- CVE-2024-3798HIGHCVSS 8.7EG 8.72024-07-10
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious request…
- CVE-2024-3823LOWCVSS 2.4EG 2.42024-05-15
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via…
- CVE-2024-3824MEDIUMCVSS 5.5EG 5.52024-05-15
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
- CVE-2024-3825MEDIUMCVSS 4.3EG 4.32024-04-17
Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration
- CVE-2024-38276HIGHCVSS 8.8EG 8.82024-06-18
Incorrect CSRF token checks resulted in multiple CSRF risks.
- CVE-2024-38293CRITICALCVSS 9.6EG 8.82024-06-13
ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.
- CVE-2024-38344MEDIUMCVSS 5.4EG 5.42024-07-04
A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a m…
- CVE-2024-38345HIGHCVSS 8.1EG 8.12024-07-04
A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access …
- CVE-2024-38457HIGHCVSS 8.8EG 8.82024-06-16
Xenforo before 2.2.16 allows CSRF.
- CVE-2024-38691MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Metorik Metorik – Reports & Email Automation for WooCommerce metorik-helper allows Cross Site Request Forgery.This issue affects Metorik – Reports & Email Automation for WooCommerce: f…
- CVE-2024-38724HIGHCVSS 7.1EG 7.12024-08-13
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact F…
- CVE-2024-38729MEDIUMCVSS 5.4EG 5.42025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in mbeelink MBE eShip mail-boxes-etc allows Cross Site Request Forgery.This issue affects MBE eShip: from n/a through <= 2.1.2.
- CVE-2024-3873MEDIUMCVSS 4.3EG 4.32024-04-16
A vulnerability was found in SMI SMI-EX-5414W up to 1.0.03. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. It is possible to initiat…
- CVE-2024-38731MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7.
- CVE-2024-38732MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery.This issue affects Patricia Blog: from n/a through 1.2.
- CVE-2024-38751MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP ads-for-wp allows Cross Site Request Forgery.This issue affects Google Adsense & Banner Ads by AdsforWP: from n/a through <= 1.9.28.
- CVE-2024-38753MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Cross Site Request Forgery.This issue affects Animated Rotating Words: from n/a through <= 5.6.
- CVE-2024-38754MEDIUMCVSS 4.3EG 4.32025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in Taggbox Taggbox taggbox-widget allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through <= 3.3.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →