CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,854 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 129 of 178
- CVE-2024-53765HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Read mins-to-read allows Stored XSS.This issue affects Mins To Read: from n/a through <= 1.2.2.
- CVE-2024-53769HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in lriaudel Custom Post Type to Map Store cpt-to-map-store allows Stored XSS.This issue affects Custom Post Type to Map Store: from n/a through <= 1.1.0.
- CVE-2024-53770HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in pbmacintyre RingCentral Communications rccp-free allows Stored XSS.This issue affects RingCentral Communications: from n/a through <= 1.7.0.
- CVE-2024-53775MEDIUMCVSS 4.3EG 4.32024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in benmoreassynt DancePress (TRWA) dancepress-trwa allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through <= 3.1.11.
- CVE-2024-53776HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in raphaelheide Donate Me donate-me allows Stored XSS.This issue affects Donate Me: from n/a through <= 1.2.5.
- CVE-2024-53777HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer simple-header-and-footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through <= 1.0.0.
- CVE-2024-53778HIGHCVSS 7.1EG 7.12024-11-30
Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs essential-breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through <= 1.1.1.
- CVE-2024-53779HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in 8bitkid Yahoo! WebPlayer yahoo-media-player allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through <= 2.0.6.
- CVE-2024-53780HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in rajeevglocify Load More Posts load-more-posts allows Stored XSS.This issue affects Load More Posts: from n/a through <= 1.5.0.
- CVE-2024-53781HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through <= 3.0.9.
- CVE-2024-53782HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in cmsaccount Photo Video Store photo-video-store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through <= 21.07.
- CVE-2024-53789HIGHCVSS 7.1EG 7.12024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about advanced-what-should-we-write-about-next allows Stored XSS.This issue affects Advanced What should we write next about: from n/a throu…
- CVE-2024-53793HIGHCVSS 8.2EG 8.22024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in jerodmoore eDoc Easy Tables edoc-easy-tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through <= 1.29.
- CVE-2024-53809MEDIUMCVSS 4.3EG 4.32024-12-06
Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS namaste-lms allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through <= 2.6.4.1.
- CVE-2024-53829HIGHCVSS 8.2EG 8.22025-01-21
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use…
- CVE-2024-53946HIGHCVSS 8.8EG 8.82025-08-14
The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such …
- CVE-2024-54139HIGHCVSS 7.9EG 7.92024-12-13
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` paramete…
- CVE-2024-54172MEDIUMCVSS 4.3EG 4.32025-06-18
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitt…
- CVE-2024-54205HIGHCVSS 7.1EG 7.12024-12-06
Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget postman-widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through <= 1.14.
- CVE-2024-54226HIGHCVSS 7.1EG 7.12024-12-09
Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS.This issue affects Country Blocker: from n/a through <= 3.2.
- CVE-2024-54248HIGHCVSS 8.8EG 8.82024-12-13
Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.This issue affects eewee admin custom: from n/a through <= 1.8.2.4.
- CVE-2024-5428MEDIUMCVSS 4.3EG 4.32024-05-28
A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST…
- CVE-2024-54300MEDIUMCVSS 4.3EG 4.32024-12-13
Cross-Site Request Forgery (CSRF) vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through <= 2.0.8.
- CVE-2024-54306MEDIUMCVSS 4.3EG 4.32024-12-13
Cross-Site Request Forgery (CSRF) vulnerability in aitool AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot ai-seo-translator allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Be…
- CVE-2024-54307MEDIUMCVSS 4.3EG 4.32024-12-13
Cross-Site Request Forgery (CSRF) vulnerability in aipost AIcomments aicomments allows Cross Site Request Forgery.This issue affects AIcomments: from n/a through <= 1.4.1.
- CVE-2024-54321MEDIUMCVSS 4.3EG 4.32024-12-13
Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2.
- CVE-2024-54331HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through <= 1.7.3.
- CVE-2024-54332HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates wp-currency-exchange-rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through <= 1.2.0.
- CVE-2024-54337HIGHCVSS 7.1EG 7.12024-12-13
Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site devrix-dark-site allows Stored XSS.This issue affects DX Dark Site: from n/a through <= 1.0.1.
- CVE-2024-54351HIGHCVSS 7.1EG 7.12024-12-13
Cross-Site Request Forgery (CSRF) vulnerability in Thomas K Landis Fancy Roller Scroller fancy-roller-scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through <= 1.4.0.
- CVE-2024-54352HIGHCVSS 8.8EG 8.82024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through <= 1.5.2.
- CVE-2024-54353HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in wpgear Hack-Info hack-info allows Stored XSS.This issue affects Hack-Info: from n/a through <= 3.17.
- CVE-2024-54355MEDIUMCVSS 4.3EG 4.32024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
- CVE-2024-54356MEDIUMCVSS 5.4EG 5.42024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for W…
- CVE-2024-54357MEDIUMCVSS 4.3EG 4.32024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10.
- CVE-2024-54368CRITICALCVSS 9.6EG 9.62024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection.This issue affects GitSync: from n/a through <= 1.1.0.
- CVE-2024-54372CRITICALCVSS 9.6EG 9.62024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection.This issue affects Insertify: from n/a through <= 1.1.4.
- CVE-2024-54386HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey…
- CVE-2024-54388HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails multiple-admin-emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through <= 1.0.
- CVE-2024-54389HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in Eduardo addWeather myweather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through <= 2.5.1.
- CVE-2024-54391HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in mattwalters WordPress Filter wordpress-filter allows Stored XSS.This issue affects WordPress Filter: from n/a through <= 1.4.1.
- CVE-2024-54392HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in midoks WP微信机器人 wp-weixin-robot allows Stored XSS.This issue affects WP微信机器人: from n/a through <= 5.3.5.
- CVE-2024-54393HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle wp-fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through <= 1.0.
- CVE-2024-54394HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in khubbaib Mandrill WP email-form-under-post allows Stored XSS.This issue affects Mandrill WP: from n/a through <= 1.0.5.
- CVE-2024-54396MEDIUMCVSS 4.3EG 4.32024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in elmervillanueva Bet sport Free bet-sport-free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through <= 1.0.0.
- CVE-2024-54397HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in antonio.gocaj Go Animate goanimate allows Stored XSS.This issue affects Go Animate: from n/a through <= 1.0.
- CVE-2024-54398HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through <= 1.0.1.
- CVE-2024-54399HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through <= 1.0.2.
- CVE-2024-54400HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in meloniq AppMaps appmaps allows Stored XSS.This issue affects AppMaps: from n/a through <= 1.1.
- CVE-2024-54401HIGHCVSS 7.1EG 7.12024-12-16
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through <= 1.1.1.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →