CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,856 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 139 of 178
- CVE-2025-22336HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in Amos Lee(一刀) Wizhi Multi Filters by Wenprise wizhi-multi-filters allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through <= 1.8.6.
- CVE-2025-22342HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in Jenst WP Simple Sitemap wp-simple-sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through <= 0.2.
- CVE-2025-22343HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in koter84 wpSOL wpsol allows Stored XSS.This issue affects wpSOL: from n/a through <= 1.2.0.
- CVE-2025-22347HIGHCVSS 8.2EG 8.22025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through <= 3.9.
- CVE-2025-2247MEDIUMCVSS 5.4EG 5.42025-05-15
The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
- CVE-2025-22503MEDIUMCVSS 4.3EG 4.32025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in digitalzoomstudio Admin debug wordpress – enable debug dzs-enable-debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through <= 1…
- CVE-2025-22520HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget tock-widget allows Cross Site Request Forgery.This issue affects Tock Widget: from n/a through <= 1.1.
- CVE-2025-22538HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Stored XSS.This issue affects Virtual Bot: from n/a through <= 1.0.0.
- CVE-2025-22552HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Affiliate Disclosure Statement affiliate-disclosure-statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Statement: from n/a through <= 0.3.
- CVE-2025-22555HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in njshofe Smoothness Slider Shortcode smoothness-slider-shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through <= v1.2.2.
- CVE-2025-22556HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through <= 1.4.2.
- CVE-2025-22557HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in cdowp News Publisher Autopilot wpm-news-api allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through <= 2.1.4.
- CVE-2025-22559HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in tubepress TubePress.NET tubepressnet allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through <= 4.0.1.
- CVE-2025-22562MEDIUMCVSS 4.3EG 4.32025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in kbowson Title Experiments Free wp-experiments-free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through <= 9.0.4.
- CVE-2025-22563MEDIUMCVSS 4.3EG 4.32025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in faaiq Pretty Url pretty-url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through <= 1.5.5.
- CVE-2025-22571HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in instabot Instabot instabot allows Cross Site Request Forgery.This issue affects Instabot: from n/a through <= 1.10.
- CVE-2025-22582HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in Scott Nelle Uptime Robot uptime-robot allows Stored XSS.This issue affects Uptime Robot: from n/a through <= 0.1.3.
- CVE-2025-22589HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet quote-tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through <= 0.7.
- CVE-2025-22590HIGHCVSS 7.1EG 7.12025-01-07
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere prayer-times-anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through <= 2.0.1.
- CVE-2025-22634MEDIUMCVSS 5.4EG 5.42025-03-27
Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked – Appointment Booking and Scheduling Management System for WordPress easy-booked allows Cross Site Request Forgery.This issue affects Easy Booked – A…
- CVE-2025-22637MEDIUMCVSS 4.3EG 4.32025-03-27
Cross-Site Request Forgery (CSRF) vulnerability in verkkovaraani Print PDF Generator and Publisher nopeamedia allows Cross Site Request Forgery.This issue affects Print PDF Generator and Publisher: from n/a through <= 1.2.0.
- CVE-2025-22658HIGHCVSS 7.1EG 7.12025-03-27
Cross-Site Request Forgery (CSRF) vulnerability in Listings for Appfolio Listings for Appfolio listings-for-appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through <= 1.2.0.
- CVE-2025-22669MEDIUMCVSS 4.3EG 4.32025-03-27
Cross-Site Request Forgery (CSRF) vulnerability in AwesomeTOGI Awesome Event Booking awesome-event-booking allows Cross Site Request Forgery.This issue affects Awesome Event Booking: from n/a through <= 2.7.5.
- CVE-2025-22685HIGHCVSS 7.1EG 7.12025-02-03
Cross-Site Request Forgery (CSRF) vulnerability in CheGevara29 Tags to Keywords tags-to-meta-keywords allows Stored XSS.This issue affects Tags to Keywords: from n/a through <= 1.0.1.
- CVE-2025-22688HIGHCVSS 7.1EG 7.12025-02-03
Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars unlimited-page-sidebars allows Stored XSS.This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6.
- CVE-2025-22690HIGHCVSS 7.1EG 7.12025-02-03
Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a through <= 1.4.6.
- CVE-2025-22703HIGHCVSS 7.1EG 7.12025-02-03
Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder forge allows Stored XSS.This issue affects Forge – Front-End Page Builder: from n/a through <= 1.4.6.
- CVE-2025-22705HIGHCVSS 7.1EG 7.12025-02-14
Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS.This issue affects Disqus Popular Posts: from n/a through <= 2.1.1.
- CVE-2025-22731MEDIUMCVSS 4.3EG 4.32025-01-15
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce build-private-store-for-woocommerce allows Cross Site Request Forgery.This issue affects Build Private Store For Woocommerce: from n/a …
- CVE-2025-22768HIGHCVSS 7.1EG 7.12025-01-23
Cross-Site Request Forgery (CSRF) vulnerability in JinHan Park Rocket Media Library Mime Type rocket-media-library-mime-type allows Stored XSS.This issue affects Rocket Media Library Mime Type: from n/a through <= 2.1.0.
- CVE-2025-22784HIGHCVSS 8.6EG 8.62025-01-15
Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through <= 1.0.5.
- CVE-2025-22814HIGHCVSS 7.1EG 7.12025-01-09
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme zephyr-modern-admin-theme allows Cross Site Request Forgery.This issue affects Zephyr Admin Theme: from n/a through <= 1.4.1.
- CVE-2025-22963HIGHCVSS 7.5EG 7.52025-01-13
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.
- CVE-2025-2299MEDIUMCVSS 6.1EG 6.12025-04-03
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it pos…
- CVE-2025-23044MEDIUMCVSS 6.8EG 6.82025-01-20
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies a…
- CVE-2025-23081MEDIUMCVSS 6.1EG 6.12025-01-14
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cros…
- CVE-2025-23113LOWCVSS 3.4EG 3.42025-01-10
An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file cont…
- CVE-2025-2319HIGHCVSS 8.8EG 8.82025-03-25
The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. T…
- CVE-2025-23411MEDIUMCVSS 6.3EG 6.32025-02-13
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website.
- CVE-2025-23424HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in bnovotny Marquee Style RSS News Ticker marquee-style-rss-news-ticker allows Cross Site Request Forgery.This issue affects Marquee Style RSS News Ticker: from n/a through <= 3.2.0.
- CVE-2025-23426HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Binesh Dobhal go Social go-social allows Stored XSS.This issue affects go Social: from n/a through <= 1.0.
- CVE-2025-23430HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager mass-custom-fields-manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through <= 1.5.
- CVE-2025-23435HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in marcucci Password Protect Plugin for WordPress password-protect-plugin-for-wordpress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through <= 0.8.1.0.
- CVE-2025-23436HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in capa Wp-Scribd-List wp-scribd-list allows Stored XSS.This issue affects Wp-Scribd-List: from n/a through <= 1.2.
- CVE-2025-23442HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in mschertel Shockingly Big IE6 Warning shockingly-big-ie6-warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through <= 1.6.3.
- CVE-2025-23445HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in scottswezey Easy Tynt easy-tynt allows Cross Site Request Forgery.This issue affects Easy Tynt: from n/a through <= 0.2.5.1.
- CVE-2025-23446HIGHCVSS 7.1EG 7.12025-03-03
Cross-Site Request Forgery (CSRF) vulnerability in KokoenDE WP SpaceContent wp-spacecontent allows Stored XSS.This issue affects WP SpaceContent: from n/a through <= 0.4.5.
- CVE-2025-23455HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Master Software Solutions WP VTiger Synchronization msstiger allows Stored XSS.This issue affects WP VTiger Synchronization: from n/a through <= 1.1.1.
- CVE-2025-23456HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Oddthinking EmailShroud emailshroud allows Reflected XSS.This issue affects EmailShroud: from n/a through <= 2.2.1.
- CVE-2025-23463HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post md-custom-content allows Stored XSS.This issue affects MD Custom content after or before of post: from n/a through <= 1.0.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →