CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,854 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 123 of 178
- CVE-2024-42579HIGHCVSS 8.8EG 8.82024-08-20
A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
- CVE-2024-42580HIGHCVSS 8.8EG 5.72024-08-20
A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
- CVE-2024-42581HIGHCVSS 8.8EG 9.62024-08-20
A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
- CVE-2024-42582HIGHCVSS 8.8EG 8.82024-08-20
A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
- CVE-2024-42583HIGHCVSS 8.8EG 8.82024-08-20
A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
- CVE-2024-42584HIGHCVSS 8.8EG 8.82024-08-20
A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
- CVE-2024-42585HIGHCVSS 8.8EG 8.82024-08-20
A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
- CVE-2024-42586HIGHCVSS 8.8EG 8.82024-08-20
A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
- CVE-2024-42603HIGHCVSS 8.8EG 5.72024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall
- CVE-2024-42604HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3
- CVE-2024-42605HIGHCVSS 8.8EG 7.12024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
- CVE-2024-42606HIGHCVSS 8.8EG 5.72024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1
- CVE-2024-42607HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
- CVE-2024-42608HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.
- CVE-2024-42609HIGHCVSS 8.8EG 7.12024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
- CVE-2024-42610HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files
- CVE-2024-42611HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete
- CVE-2024-42612HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add
- CVE-2024-42613HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet
- CVE-2024-42616HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics
- CVE-2024-42617HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
- CVE-2024-42618HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
- CVE-2024-42619HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
- CVE-2024-42621HIGHCVSS 8.8EG 8.82024-08-20
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
- CVE-2024-42623HIGHCVSS 8.8EG 8.82024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1
- CVE-2024-42624HIGHCVSS 8.8EG 8.82024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10.
- CVE-2024-42625HIGHCVSS 8.8EG 5.42024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add
- CVE-2024-42626HIGHCVSS 8.8EG 8.82024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add.
- CVE-2024-42627HIGHCVSS 8.8EG 8.82024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3.
- CVE-2024-42628HIGHCVSS 8.8EG 8.82024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3.
- CVE-2024-42629HIGHCVSS 8.8EG 5.42024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10.
- CVE-2024-42630HIGHCVSS 8.8EG 8.82024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file.
- CVE-2024-42631HIGHCVSS 8.8EG 8.82024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1.
- CVE-2024-42632HIGHCVSS 8.8EG 8.82024-08-12
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add.
- CVE-2024-42764CRITICALCVSS 9.4EG 9.42024-08-23
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.
- CVE-2024-42768MEDIUMCVSS 6.8EG 6.82024-08-22
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.
- CVE-2024-42792LOWCVSS 3.5EG 3.52024-08-26
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
- CVE-2024-42793HIGHCVSS 8.0EG 5.42024-08-28
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
- CVE-2024-43116MEDIUMCVSS 4.3EG 4.32024-08-26
Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10.
- CVE-2024-43117MEDIUMCVSS 4.3EG 4.32024-08-26
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1.
- CVE-2024-4312MEDIUMCVSS 4.3EG 4.32024-05-14
The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation when saving match and team …
- CVE-2024-4314MEDIUMCVSS 4.3EG 4.32024-05-14
The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3. This is due to missing or incorrect nonce validation when managing rooms. This makes it possible for unauthenticated…
- CVE-2024-43192MEDIUMCVSS 6.5EG 6.52025-09-27
IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- CVE-2024-43255HIGHCVSS 7.1EG 7.12024-08-26
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable.This issue affects MyBookTable Bookstore: from n/a through <= 3.3.9.
- CVE-2024-43265MEDIUMCVSS 4.3EG 4.32024-08-26
Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.
- CVE-2024-43269MEDIUMCVSS 4.3EG 4.32024-08-26
Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50.
- CVE-2024-4328HIGHCVSS 8.1EG 4.02024-06-10
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks pr…
- CVE-2024-43287MEDIUMCVSS 4.3EG 4.32024-08-26
Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.82.
- CVE-2024-43295MEDIUMCVSS 4.3EG 4.32024-08-26
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access.This issue affects WP Data Access: from n/a through 5.5.7.
- CVE-2024-43299MEDIUMCVSS 5.4EG 5.42024-08-26
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous SpeedyCache speedycache.This issue affects SpeedyCache: from n/a through <= 1.1.8.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →