CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,857 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 144 of 178
- CVE-2025-26206CRITICALCVSS 9.0EG 9.02025-03-03
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component
- CVE-2025-26211LOWCVSS 3.7EG 3.72025-05-27
Gibbon before 29.0.00 allows CSRF.
- CVE-2025-26543HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS.This issue affects Simple Responsive Menu: from n/a through <= 2.1.
- CVE-2025-26545HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in shisuh Related Posts Line-up-Exactly by Milliard related-posts-line-up-exactry-by-milliard allows Stored XSS.This issue affects Related Posts Line-up-Exactly by Milliard: from n/a through …
- CVE-2025-26547HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in nagarjunsonti My Login Logout Plugin my-loginlogout allows Stored XSS.This issue affects My Login Logout Plugin: from n/a through <= 2.4.
- CVE-2025-26549HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in pa1 WP Html Page Sitemap wp-html-page-sitemap allows Stored XSS.This issue affects WP Html Page Sitemap: from n/a through <= 2.2.
- CVE-2025-26550HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS.This issue affects Global Meta Keyword & Description: from n/a through <= 2.3.
- CVE-2025-26562HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik RSS Filter rss-filter allows Stored XSS.This issue affects RSS Filter: from n/a through <= 1.2.
- CVE-2025-26568HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in jensmueller Easy Amazon Product Information easy-amazon-product-information allows Stored XSS.This issue affects Easy Amazon Product Information: from n/a through <= 4.0.1.
- CVE-2025-26569HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in Callmeforsox Post Thumbs allows Stored XSS. This issue affects Post Thumbs: from n/a through 1.5.
- CVE-2025-26570HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery. This issue affects Glance That: from n/a through 4.9.
- CVE-2025-26571HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar wibiya allows Cross Site Request Forgery.This issue affects Wibiya Toolbar: from n/a through <= 2.0.
- CVE-2025-26572HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in jesseheap WP PHPList phplist-form-integration allows Cross Site Request Forgery.This issue affects WP PHPList: from n/a through <= 1.7.
- CVE-2025-26577HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in daxiawp DX-auto-publish dx-auto-publish allows Stored XSS.This issue affects DX-auto-publish: from n/a through <= 1.2.
- CVE-2025-26578HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation client-documentation allows Stored XSS.This issue affects Simple Documentation: from n/a through <= 1.2.8.
- CVE-2025-26580HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in Complete SEO Page/Post Specific Social Share Buttons pagepost-specific-social-share-buttons allows Stored XSS.This issue affects Page/Post Specific Social Share Buttons: from n/a through <…
- CVE-2025-26582HIGHCVSS 7.1EG 7.12025-02-13
Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems tinymce-advanced-qtranslate-fix-editor-problems allows Stored XSS.This issue affects TinyMCE Advanced qTranslate fix editor problem…
- CVE-2025-26593MEDIUMCVSS 4.3EG 4.32025-06-06
Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Cross Site Request Forgery.This issue affects FastBook: from n/a through <= 1.1.
- CVE-2025-26748HIGHCVSS 8.1EG 8.12025-04-15
Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This issue affects Arkhe: from n/a through <= 3.12.0.
- CVE-2025-26759HIGHCVSS 7.1EG 7.12025-02-16
Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Snippet Manager content-snippet-manager allows Stored XSS.This issue affects Content Snippet Manager: from n/a through <= 1.1.5.
- CVE-2025-26768HIGHCVSS 7.1EG 7.12025-02-16
Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field 3-word-address-validation-field allows Stored XSS.This issue affects what3words Address Field: from n/a through <= 4.0.15.
- CVE-2025-26899MEDIUMCVSS 6.5EG 6.52025-03-15
Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce recapture-for-woocommerce allows Cross Site Request Forgery.This issue affects Recapture for WooCommerce: from n/a thr…
- CVE-2025-26902MEDIUMCVSS 4.3EG 4.32025-04-09
Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1.
- CVE-2025-26903MEDIUMCVSS 4.3EG 4.32025-04-15
Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3.
- CVE-2025-26910HIGHCVSS 7.1EG 7.12025-03-10
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS.This issue affects WPBookit: from n/a through <= 1.0.1.
- CVE-2025-26925MEDIUMCVSS 4.3EG 4.32025-02-26
Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.
- CVE-2025-26926MEDIUMCVSS 4.3EG 4.32025-02-25
Cross-Site Request Forgery (CSRF) vulnerability in fs-code Booknetic booknetic.This issue affects Booknetic: from n/a through <= 4.0.9.
- CVE-2025-26931HIGHCVSS 7.1EG 7.12025-02-25
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting gallery-voting allows Stored XSS.This issue affects Tribulant Gallery Voting: from n/a through <= 1.2.1.
- CVE-2025-26963MEDIUMCVSS 5.4EG 5.42025-02-25
Cross-Site Request Forgery (CSRF) vulnerability in ClickWhale ClickWhale clickwhale allows Cross Site Request Forgery.This issue affects ClickWhale: from n/a through <= 2.4.3.
- CVE-2025-27003MEDIUMCVSS 4.3EG 4.32025-09-05
Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <= 5.7.46.
- CVE-2025-27009HIGHCVSS 7.1EG 7.12025-04-14
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.33.
- CVE-2025-27012HIGHCVSS 8.8EG 8.82025-02-22
Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo a1post-bg-shipping-for-woocommerce allows Privilege Escalation.This issue affects A1POST.BG Shipping for Woo: from n/a through <= 1.5.
- CVE-2025-27189MEDIUMCVSS 4.3EG 4.32025-04-08
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could t…
- CVE-2025-27276HIGHCVSS 8.8EG 8.82025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) photo-gallery-pearlbells allows Privilege Escalation.This issue affects Photo Gallery ( Responsive ): from n/a through <= 4.0.
- CVE-2025-27277HIGHCVSS 7.1EG 7.12025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery add-linked-images-to-gallery-v01 allows Cross Site Request Forgery.This issue affects Add Linked Images To Gallery: from n/a through <= 1.4.
- CVE-2025-27290MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Zarinpal Donate erima-zarinpal-donate allows Cross Site Request Forgery.This issue affects Erima Zarinpal Donate: from n/a through <= 1.0.
- CVE-2025-27298HIGHCVSS 8.3EG 8.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts wp-video-posts allows OS Command Injection.This issue affects WP Video Posts: from n/a through <= 3.5.1.
- CVE-2025-27311MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Content Creator bulk-content-creator allows Cross Site Request Forgery.This issue affects Bulk Content Creator: from n/a through <= 1.2.1.
- CVE-2025-27315MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cufon all-in-one-cufon allows Cross Site Request Forgery.This issue affects All-In-One Cufon: from n/a through <= 1.3.0.
- CVE-2025-27316MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization wp-image-compression allows Cross Site Request Forgery.This issue affects JPG, PNG Compression and Optimization: from n/a through <= 1.7.35.
- CVE-2025-27317MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid rays-grid allows Cross Site Request Forgery.This issue affects RAYS Grid: from n/a through <= 1.3.1.
- CVE-2025-27318MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Google Sitemap simple-google-sitemap allows Cross Site Request Forgery.This issue affects Simple Google Sitemap: from n/a through <= 1.6.
- CVE-2025-27321HIGHCVSS 7.1EG 7.12025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer blighty-explorer allows Stored XSS.This issue affects Blightly Explorer: from n/a through <= 2.3.0.
- CVE-2025-27328MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in queeez WP-PostRatings Cheater wp-postratings-cheater allows Cross Site Request Forgery.This issue affects WP-PostRatings Cheater: from n/a through <= 1.5.
- CVE-2025-27332HIGHCVSS 7.1EG 7.12025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown smart-maintenance-countdown allows Stored XSS.This issue affects Smart Maintenance & Countdown: from n/a through <= 1.2.
- CVE-2025-27335MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO Roma Auto Tag Links auto-tag-links allows Cross Site Request Forgery.This issue affects Auto Tag Links: from n/a through <= 1.0.13.
- CVE-2025-27336MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just Variables just-wp-variables allows Cross Site Request Forgery.This issue affects Just Variables: from n/a through <= 1.2.3.
- CVE-2025-27339MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery.This issue affects Minimum Password Strength: from n/a through <= 1.2.0.
- CVE-2025-27340MEDIUMCVSS 5.4EG 5.42025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in Forge12 Interactive GmbH F12-Profiler f12-profiler allows Cross Site Request Forgery.This issue affects F12-Profiler: from n/a through <= 1.3.9.
- CVE-2025-27342MEDIUMCVSS 4.3EG 4.32025-02-24
Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce Recargo de Equivalencia woo-recargo-de-equivalencia allows Cross Site Request Forgery.This issue affects WooCommerce Recargo de Equivalencia: from n/a through <= 1.6.24.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →