CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,843 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 82 of 177
- CVE-2023-22672MEDIUMCVSS 4.3EG 4.32023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.
- CVE-2023-22673MEDIUMCVSS 5.4EG 5.42023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions.
- CVE-2023-22674MEDIUMCVSS 5.4EG 5.42023-12-21
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2.
- CVE-2023-22675MEDIUMCVSS 4.3EG 4.32025-12-09
Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5.
- CVE-2023-22678MEDIUMCVSS 5.4EG 8.82023-03-20
Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions.
- CVE-2023-22681MEDIUMCVSS 4.3EG 6.52023-03-20
Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions.
- CVE-2023-22686MEDIUMCVSS 5.4EG 5.42023-04-23
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions.
- CVE-2023-22688MEDIUMCVSS 4.3EG 4.32023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions.
- CVE-2023-22689MEDIUMCVSS 4.6EG 5.42023-05-20
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.
- CVE-2023-22691MEDIUMCVSS 4.3EG 4.32023-05-03
Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions.
- CVE-2023-22692MEDIUMCVSS 4.3EG 4.32023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.
- CVE-2023-22693MEDIUMCVSS 4.3EG 4.32023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions.
- CVE-2023-22694MEDIUMCVSS 4.3EG 4.32023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions.
- CVE-2023-22695MEDIUMCVSS 4.3EG 4.32023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.
- CVE-2023-22700MEDIUMCVSS 4.3EG 4.32023-03-13
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions.
- CVE-2023-22709MEDIUMCVSS 4.3EG 4.32023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions.
- CVE-2023-2271MEDIUMCVSS 4.3EG 4.32023-08-16
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack
- CVE-2023-22714MEDIUMCVSS 4.3EG 4.32023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions.
- CVE-2023-2277MEDIUMCVSS 6.1EG 6.12023-06-13
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauth…
- CVE-2023-2279MEDIUMCVSS 5.4EG 5.42023-08-31
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possibl…
- CVE-2023-2285MEDIUMCVSS 4.3EG 4.32023-06-09
The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possib…
- CVE-2023-22852MEDIUMCVSS 6.5EG 6.52023-01-14
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php.
- CVE-2023-2286MEDIUMCVSS 4.3EG 4.32023-06-09
The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauth…
- CVE-2023-22942MEDIUMCVSS 5.4EG 4.32023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an…
- CVE-2023-2301MEDIUMCVSS 6.1EG 6.12023-06-03
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it pos…
- CVE-2023-2303MEDIUMCVSS 6.1EG 6.12023-06-03
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it …
- CVE-2023-2307MEDIUMCVSS 4.7EG 4.72023-04-26
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.
- CVE-2023-2326MEDIUMCVSS 6.5EG 6.52023-06-27
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in a…
- CVE-2023-2329HIGHCVSS 8.8EG 8.82023-07-17
The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack
- CVE-2023-2330HIGHCVSS 8.8EG 8.82023-07-17
The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack
- CVE-2023-2334MEDIUMCVSS 5.4EG 5.42025-05-15
The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged …
- CVE-2023-23465CRITICALCVSS 9.1EG 8.82023-02-15
Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint.
- CVE-2023-23473MEDIUMCVSS 5.3EG 5.32023-08-28
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.
- CVE-2023-2352MEDIUMCVSS 4.3EG 4.32023-08-31
The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd_action function. This makes it possibl…
- CVE-2023-23572MEDIUMCVSS 4.8EG 6.52023-04-11
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows us…
- CVE-2023-23646MEDIUMCVSS 4.3EG 4.32023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.
- CVE-2023-23659MEDIUMCVSS 4.3EG 8.82023-02-23
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
- CVE-2023-23671HIGHCVSS 7.1EG 7.12023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.
- CVE-2023-23680MEDIUMCVSS 5.4EG 5.42023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions.
- CVE-2023-23704MEDIUMCVSS 4.3EG 4.32023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions.
- CVE-2023-23705MEDIUMCVSS 4.3EG 4.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions.
- CVE-2023-23706MEDIUMCVSS 4.3EG 4.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.
- CVE-2023-23711MEDIUMCVSS 4.3EG 4.32023-03-13
Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optimized WP plugin <= 3.0.4 versions.
- CVE-2023-23712MEDIUMCVSS 5.4EG 5.42023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions.
- CVE-2023-23713MEDIUMCVSS 4.3EG 4.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions.
- CVE-2023-23714MEDIUMCVSS 4.3EG 4.32023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions.
- CVE-2023-23719MEDIUMCVSS 5.4EG 5.42023-07-17
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions.
- CVE-2023-23721MEDIUMCVSS 4.3EG 8.82023-03-20
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
- CVE-2023-23724MEDIUMCVSS 4.3EG 4.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.
- CVE-2023-23726MEDIUMCVSS 5.4EG 5.42024-12-09
Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →