CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,854 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 125 of 178
- CVE-2024-4585MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack…
- CVE-2024-4586MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiate…
- CVE-2024-4587MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. T…
- CVE-2024-4588MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack…
- CVE-2024-4589MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/mytag_edit.php. The manipulation leads to cross-site request forgery. The attac…
- CVE-2024-4590MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be la…
- CVE-2024-4591MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remo…
- CVE-2024-4592MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotel…
- CVE-2024-4593MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may b…
- CVE-2024-4594MEDIUMCVSS 4.3EG 4.32024-05-07
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack r…
- CVE-2024-4597MEDIUMCVSS 5.7EG 5.72024-05-14
An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML …
- CVE-2024-45983MEDIUMCVSS 6.3EG 6.32024-09-26
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By ent…
- CVE-2024-45987MEDIUMCVSS 6.5EG 6.52024-09-26
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically subm…
- CVE-2024-4600HIGHCVSS 7.1EG 7.12024-05-07
Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of prope…
- CVE-2024-46085HIGHCVSS 8.8EG 8.82024-09-17
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename
- CVE-2024-46086HIGHCVSS 8.8EG 8.82024-09-18
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123
- CVE-2024-46362HIGHCVSS 8.8EG 8.82024-09-17
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory
- CVE-2024-46394HIGHCVSS 8.8EG 8.02024-09-19
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add
- CVE-2024-46485MEDIUMCVSS 6.3EG 6.32024-09-25
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate
- CVE-2024-46600MEDIUMCVSS 4.7EG 4.72024-09-25
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31
- CVE-2024-46872MEDIUMCVSS 4.6EG 4.62024-10-29
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks
- CVE-2024-4689MEDIUMCVSS 4.3EG 4.32024-05-14
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.
- CVE-2024-46911MEDIUMCVSS 4.7EG 4.72024-10-14
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Ro…
- CVE-2024-47082MEDIUMCVSS 4.6EG 4.62024-09-25
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. T…
- CVE-2024-47100HIGHCVSS 7.1EG 7.12025-01-14
A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C A…
- CVE-2024-47305MEDIUMCVSS 4.3EG 4.32024-09-25
Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font use-any-font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through <= 6.3.08.
- CVE-2024-47315MEDIUMCVSS 5.4EG 5.42024-09-25
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.15.1.
- CVE-2024-47359MEDIUMCVSS 5.3EG 5.32024-11-01
Cross-Site Request Forgery (CSRF) vulnerability in averta Depicter Slider depicter.This issue affects Depicter Slider: from n/a through <= 3.2.2.
- CVE-2024-4751MEDIUMCVSS 4.3EG 4.32024-06-14
The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
- CVE-2024-4757HIGHCVSS 8.1EG 8.12024-06-25
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF att…
- CVE-2024-4758HIGHCVSS 7.6EG 7.62024-06-26
The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
- CVE-2024-47634MEDIUMCVSS 5.4EG 6.52024-10-20
Cross-Site Request Forgery (CSRF) vulnerability in Streamline CartBounty – Save and recover abandoned carts for WooCommerce woo-save-abandoned-carts allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover aba…
- CVE-2024-47635MEDIUMCVSS 5.4EG 5.42024-10-05
Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG TinyPNG tiny-compress-images allows Cross Site Request Forgery.This issue affects TinyPNG: from n/a through <= 3.4.3.
- CVE-2024-47828MEDIUMCVSS 5.3EG 5.32024-10-09
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users…
- CVE-2024-47846HIGHCVSS 8.8EG 8.82024-10-05
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
- CVE-2024-47879HIGHCVSS 7.6EG 7.62024-10-24
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-c…
- CVE-2024-47914MEDIUMCVSS 4.5EG 4.52024-11-14
VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)
- CVE-2024-48031MEDIUMCVSS 6.5EG 6.52024-10-17
Cross-Site Request Forgery (CSRF) vulnerability in sumitsurai Featured Posts with Multiple Custom Groups (FPMCG) featured-posts-with-multiple-custom-groups-fpmcg allows Cross Site Request Forgery.This issue affects Featured Posts with Mult…
- CVE-2024-48037MEDIUMCVSS 5.4EG 5.42024-10-17
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.4.2.
- CVE-2024-48038MEDIUMCVSS 4.3EG 4.32024-10-17
Cross-Site Request Forgery (CSRF) vulnerability in tuxlog wp-Monalisa wp-monalisa.This issue affects wp-Monalisa: from n/a through <= 6.4.
- CVE-2024-48047MEDIUMCVSS 4.3EG 4.32024-10-17
Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce linked-variation-for-woocommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through <=…
- CVE-2024-48048HIGHCVSS 7.1EG 7.12024-10-17
Cross-Site Request Forgery (CSRF) vulnerability in GabbyKhrmon Wsify Widget wsify-widget allows Stored XSS.This issue affects Wsify Widget: from n/a through <= 1.0.
- CVE-2024-48057MEDIUMCVSS 6.1EG 6.12024-11-04
localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.
- CVE-2024-48191MEDIUMCVSS 6.3EG 6.32024-10-28
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17
- CVE-2024-48278MEDIUMCVSS 5.5EG 5.52024-10-15
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.
- CVE-2024-48291MEDIUMCVSS 6.3EG 6.32024-10-28
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17
- CVE-2024-48311HIGHCVSS 8.8EG 8.82024-10-31
Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function.
- CVE-2024-48341LOWCVSS 3.7EG 3.72025-09-08
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop
- CVE-2024-4839LOWCVSS 3.3EG 4.42024-06-24
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS se…
- CVE-2024-48418HIGHCVSS 8.8EG 8.82025-01-27
In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and e…
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →