CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,843 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 78 of 177
- CVE-2022-46851MEDIUMCVSS 4.3EG 4.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions.
- CVE-2022-46853MEDIUMCVSS 4.3EG 4.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions.
- CVE-2022-46854MEDIUMCVSS 5.4EG 8.82023-03-17
Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchpad – Coming Soon & Maintenance Mode plugin <= 1.0.13 versions.
- CVE-2022-46856MEDIUMCVSS 5.4EG 5.42023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce Products Designer plugin <= 4.3.3 versions.
- CVE-2022-46857MEDIUMCVSS 6.5EG 5.42023-07-18
Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions.
- CVE-2022-46862MEDIUMCVSS 4.3EG 8.82023-02-14
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.
- CVE-2022-46865MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <= 1.1 versions.
- CVE-2022-46866MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <= 1.4 versions.
- CVE-2022-46867MEDIUMCVSS 4.3EG 8.82023-03-17
Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal Star Rating plugin <= 2.1.0 version.
- CVE-2022-4707MEDIUMCVSS 4.3EG 6.52023-01-10
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows…
- CVE-2022-47130MEDIUMCVSS 4.3EG 4.32023-02-03
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
- CVE-2022-47131MEDIUMCVSS 4.8EG 4.82023-02-03
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
- CVE-2022-47132HIGHCVSS 8.8EG 8.82023-02-03
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
- CVE-2022-47134MEDIUMCVSS 4.3EG 4.32023-05-20
Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.
- CVE-2022-47135MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions.
- CVE-2022-47136MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions.
- CVE-2022-47138MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions.
- CVE-2022-47139MEDIUMCVSS 5.4EG 5.42023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions.
- CVE-2022-47141MEDIUMCVSS 5.4EG 8.82023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic Keywords Injector plugin <= 2.3.15 versions.
- CVE-2022-47142MEDIUMCVSS 4.3EG 4.32023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.
- CVE-2022-47143MEDIUMCVSS 4.3EG 8.82023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions.
- CVE-2022-47144MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.
- CVE-2022-47147MEDIUMCVSS 5.4EG 8.82023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ipBlockList plugin <= 1.0 versions.
- CVE-2022-47148MEDIUMCVSS 4.3EG 4.32023-03-01
Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.
- CVE-2022-47149MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions.
- CVE-2022-47150MEDIUMCVSS 4.3EG 4.32026-06-11
Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10.
- CVE-2022-47152MEDIUMCVSS 5.4EG 5.42023-05-24
Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <= 3.1.1 versions.
- CVE-2022-47154MEDIUMCVSS 4.3EG 8.82023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions.
- CVE-2022-47155MEDIUMCVSS 4.3EG 8.82023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions.
- CVE-2022-47159MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <= 1.3 versions.
- CVE-2022-47161MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.
- CVE-2022-47162MEDIUMCVSS 4.3EG 8.82023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin <= 36 versions.
- CVE-2022-47163LOWCVSS 3.1EG 7.52023-03-14
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin <= 2.6 versions.
- CVE-2022-47164MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions.
- CVE-2022-47165MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions.
- CVE-2022-47166MEDIUMCVSS 4.3EG 8.82023-03-13
Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1 versions.
- CVE-2022-47167MEDIUMCVSS 5.4EG 5.42023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions.
- CVE-2022-47169MEDIUMCVSS 4.3EG 4.32023-07-18
Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.
- CVE-2022-47172MEDIUMCVSS 4.3EG 4.32023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.
- CVE-2022-47174MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.
- CVE-2022-47175MEDIUMCVSS 4.3EG 4.32023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.
- CVE-2022-47177MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions.
- CVE-2022-47178MEDIUMCVSS 4.3EG 4.32023-05-25
Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions.
- CVE-2022-47179MEDIUMCVSS 4.3EG 4.32023-02-28
Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.
- CVE-2022-47180MEDIUMCVSS 4.3EG 4.32023-05-24
Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions.
- CVE-2022-47181MEDIUMCVSS 4.3EG 8.82023-11-07
Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Design…
- CVE-2022-47183MEDIUMCVSS 5.4EG 5.42023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.
- CVE-2022-47372HIGHCVSS 7.6EG 5.42023-02-15
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a vict…
- CVE-2022-47373MEDIUMCVSS 6.4EG 6.12023-02-15
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/san…
- CVE-2022-47395HIGHCVSS 8.1EG 8.12023-01-18
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitr…
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →