CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,856 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 140 of 178
- CVE-2025-23467HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in vimal.ghorecha RSS News Scroller rss-news-scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through <= 2.0.0.
- CVE-2025-23470HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in xavsio4 Visit Site Link enhanced visit-site-link-enhanced allows Stored XSS.This issue affects Visit Site Link enhanced: from n/a through <= 1.0.
- CVE-2025-23471HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Add to Cart Button ect-add-to-cart-button allows Stored XSS.This issue affects ECT Add to Cart Button: from n/a through <= 1.4.
- CVE-2025-23476HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts my-related-posts allows Stored XSS.This issue affects my-related-posts: from n/a through <= 1.1.
- CVE-2025-23483HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in hoyce Universal Analytics Injector universal-analytics-injector allows Stored XSS.This issue affects Universal Analytics Injector: from n/a through <= 1.0.3.
- CVE-2025-23497HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in albdesign Simple Project Manager simple-project-managment allows Stored XSS.This issue affects Simple Project Manager: from n/a through <= 1.2.2.
- CVE-2025-23499HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier Board Election board-election allows Stored XSS.This issue affects Board Election: from n/a through <= 1.0.1.
- CVE-2025-23501HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA cookie-consent-autoblock allows Stored XSS.This issue affects Cookie Consent & Autoblock for GDPR/CCPA: from n/a through <= 1.0.1.
- CVE-2025-23502HIGHCVSS 7.1EG 7.12025-03-03
Cross-Site Request Forgery (CSRF) vulnerability in Ned Curated Search curated-search allows Stored XSS.This issue affects Curated Search: from n/a through <= 1.2.
- CVE-2025-23508HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in OrigoThemes Extra Options – Favicons extra-options-favicons allows Stored XSS.This issue affects Extra Options – Favicons: from n/a through <= 1.1.0.
- CVE-2025-23510HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Jan Štětina WordPress Logging Service wordpress-logging-service allows Stored XSS.This issue affects WordPress Logging Service: from n/a through <= 1.5.4.
- CVE-2025-23511HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Stargazer WP-BlackCheck wp-blackcheck allows Stored XSS.This issue affects WP-BlackCheck: from n/a through <= 2.7.2.
- CVE-2025-23513HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in jd7777 Bible Embed bible-embed allows Stored XSS.This issue affects Bible Embed: from n/a through <= 0.0.4.
- CVE-2025-23530HIGHCVSS 8.8EG 8.82025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Lockdown custom-post-type-lockdown allows Privilege Escalation.This issue affects Custom Post Type Lockdown: from n/a through <= 1.11.
- CVE-2025-23532HIGHCVSS 8.8EG 8.82025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget myanime-widget allows Privilege Escalation.This issue affects MyAnime Widget: from n/a through <= 1.0.
- CVE-2025-23533HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in zetxek WP Lyrics wplyrics allows Stored XSS.This issue affects WP Lyrics: from n/a through <= 0.4.1.
- CVE-2025-23537HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in קידום ובניית אתרים add custom google tag manager add-custom-google-tag-manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through <= 1.0.3.
- CVE-2025-23557HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Kathleen Malone Find Your Reps find-your-reps allows Stored XSS.This issue affects Find Your Reps: from n/a through <= 1.2.
- CVE-2025-23558HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in digitalfisherman Geotagged Media geotagged-media allows Stored XSS.This issue affects Geotagged Media: from n/a through <= 0.3.0.
- CVE-2025-23559HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Stepan Stepasyuk MemeOne allows Stored XSS.This issue affects MemeOne: from n/a through 2.0.5.
- CVE-2025-23560HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in plumwd Web Testimonials web-testimonials allows Stored XSS.This issue affects Web Testimonials: from n/a through <= 1.2.
- CVE-2025-23566HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in syedamirhussain91 Custom Post custom-post-type-gui allows Stored XSS.This issue affects Custom Post: from n/a through <= 1.0.
- CVE-2025-23567HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Tamer Ziady GDReseller gdreseller allows Stored XSS.This issue affects GDReseller: from n/a through <= 1.6.
- CVE-2025-23569HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Kelvin Ng Shortcode in Comment shortcode-in-comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through <= 1.1.1.
- CVE-2025-23572HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Dave Konopka UpDownUpDown updownupdown-postcomment-voting allows Stored XSS.This issue affects UpDownUpDown: from n/a through <= 1.1.
- CVE-2025-23573HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in sammyb WP Background Tile wp-background-tile allows Stored XSS.This issue affects WP Background Tile: from n/a through <= 1.0.
- CVE-2025-23577HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener word-freshener allows Stored XSS.This issue affects Word Freshener: from n/a through <= 1.3.
- CVE-2025-23617HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in cybio Floatbox Plus floatbox-plus allows Stored XSS.This issue affects Floatbox Plus: from n/a through <= 1.4.4.
- CVE-2025-23618HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in starise Twitter Shortcode twitter-shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through <= 0.9.
- CVE-2025-23627HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in frenchsquared Comment-Emailer comment-emailer allows Stored XSS.This issue affects Comment-Emailer: from n/a through <= 1.0.5.
- CVE-2025-23639HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader mdc-youtube-downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through <= 3.0.0.
- CVE-2025-23640HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug rename-author-slug allows Stored XSS.This issue affects Rename Author Slug: from n/a through <= 1.2.0.
- CVE-2025-23649HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer auphonic-importer allows Stored XSS.This issue affects Auphonic Importer: from n/a through <= 1.5.1.
- CVE-2025-23654HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in krolow Twitter Post twitterpost allows Stored XSS.This issue affects Twitter Post: from n/a through <= 0.1.
- CVE-2025-23659HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in hernanjh MercadoLibre Integration mercadolibre-integration allows Stored XSS.This issue affects MercadoLibre Integration: from n/a through <= 1.1.
- CVE-2025-23660HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in waltercerrudo MFPlugin mfplugin allows Stored XSS.This issue affects MFPlugin: from n/a through <= 1.3.
- CVE-2025-23661HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in ryscript NV Slider nv-slider allows Stored XSS.This issue affects NV Slider: from n/a through <= 1.6.
- CVE-2025-23662HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in ryscript WP Panoramio wp-panoramio allows Stored XSS.This issue affects WP Panoramio: from n/a through <= 1.5.0.
- CVE-2025-23664HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem seguro-viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through <= 2.0.5.
- CVE-2025-23665HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Ravi Kumar Vanukuru RSV GMaps rsv-google-maps allows Stored XSS.This issue affects RSV GMaps: from n/a through <= 1.5.
- CVE-2025-23673HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in dkukral Email on Publish email-on-publish allows Stored XSS.This issue affects Email on Publish: from n/a through <= 1.5.
- CVE-2025-23675HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah Import Users to MailChimp import-users-to-mailchimp allows Stored XSS.This issue affects Import Users to MailChimp: from n/a through <= 1.0.
- CVE-2025-23677HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in DSmidge HTTP to HTTPS link changer by Eyga.net https-links-in-content allows Stored XSS.This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through <= 0.2.4.
- CVE-2025-23690HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place book-a-place allows Stored XSS.This issue affects Book a Place: from n/a through <= 0.7.1.
- CVE-2025-23691HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino Send to Twitter send-to-twitter allows Stored XSS.This issue affects Send to Twitter: from n/a through <= 1.7.2.
- CVE-2025-23692HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in artanik Slider for Writers slider-for-writers allows Stored XSS.This issue affects Slider for Writers: from n/a through <= 1.3.
- CVE-2025-23693HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in uosiu Secure CAPTCHA secure-captcha allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through <= 1.2.
- CVE-2025-23694HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in shabboscommerce Shabbos and Yom Tov shabbos-and-yom-tov allows Stored XSS.This issue affects Shabbos and Yom Tov: from n/a through <= 1.9.
- CVE-2025-23698HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in ivanra10 WP Custom Google Search wp-custom-google-search allows Stored XSS.This issue affects WP Custom Google Search: from n/a through <= 1.0.
- CVE-2025-23702HIGHCVSS 7.1EG 7.12025-01-16
Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links anonymize-links allows Stored XSS.This issue affects Anonymize Links: from n/a through <= 1.1.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →