CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,843 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 83 of 177
- CVE-2023-23731MEDIUMCVSS 4.3EG 4.32023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.
- CVE-2023-23750MEDIUMCVSS 6.3EG 6.32023-02-01
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
- CVE-2023-23787MEDIUMCVSS 4.3EG 4.32023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.
- CVE-2023-23790HIGHCVSS 7.1EG 7.12023-05-03
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions.
- CVE-2023-23791MEDIUMCVSS 4.3EG 4.32023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions.
- CVE-2023-23792MEDIUMCVSS 4.3EG 4.32023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.
- CVE-2023-23795HIGHCVSS 7.1EG 7.12023-06-22
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions.
- CVE-2023-23797MEDIUMCVSS 5.4EG 5.42023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions.
- CVE-2023-23801MEDIUMCVSS 4.3EG 8.82023-04-06
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions.
- CVE-2023-23802MEDIUMCVSS 4.3EG 4.32023-06-15
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.
- CVE-2023-23803MEDIUMCVSS 4.3EG 4.32023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions.
- CVE-2023-23804MEDIUMCVSS 4.3EG 4.32023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions.
- CVE-2023-23813MEDIUMCVSS 5.4EG 5.42023-05-22
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.
- CVE-2023-23847LOWCVSS 3.5EG 3.52023-02-15
A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another meth…
- CVE-2023-23861MEDIUMCVSS 5.4EG 8.82023-03-29
Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions.
- CVE-2023-23865MEDIUMCVSS 4.3EG 4.32023-02-28
Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change.
- CVE-2023-23869MEDIUMCVSS 4.3EG 4.32023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions.
- CVE-2023-23879MEDIUMCVSS 4.3EG 4.32023-04-23
Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Execution plugin <= 1.0.0 versions.
- CVE-2023-23890HIGHCVSS 7.1EG 7.12023-05-20
Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.
- CVE-2023-23897MEDIUMCVSS 4.3EG 4.32023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.
- CVE-2023-23899MEDIUMCVSS 4.3EG 4.32023-02-17
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.
- CVE-2023-23973MEDIUMCVSS 4.3EG 6.52023-03-01
Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0.
- CVE-2023-23974MEDIUMCVSS 4.3EG 5.42023-03-01
Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).
- CVE-2023-23983MEDIUMCVSS 5.4EG 5.42023-02-28
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion.
- CVE-2023-23984MEDIUMCVSS 4.3EG 5.42023-03-01
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.
- CVE-2023-23992MEDIUMCVSS 4.3EG 4.32023-02-28
Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete.
- CVE-2023-23993MEDIUMCVSS 5.4EG 5.42023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions.
- CVE-2023-23997MEDIUMCVSS 4.3EG 4.32023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions.
- CVE-2023-24007MEDIUMCVSS 4.3EG 4.32023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions.
- CVE-2023-24008MEDIUMCVSS 4.3EG 4.32023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions.
- CVE-2023-24048HIGHCVSS 8.8EG 8.82023-12-04
Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm.
- CVE-2023-2405MEDIUMCVSS 6.1EG 6.12023-06-03
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible f…
- CVE-2023-2407MEDIUMCVSS 6.1EG 6.12023-06-03
The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing …
- CVE-2023-2416MEDIUMCVSS 5.4EG 5.42023-06-03
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.5. This…
- CVE-2023-24377MEDIUMCVSS 5.4EG 8.82023-02-14
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions.
- CVE-2023-2438MEDIUMCVSS 6.1EG 6.12023-11-22
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for …
- CVE-2023-24380MEDIUMCVSS 4.3EG 4.32023-12-17
Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1.
- CVE-2023-24382MEDIUMCVSS 5.4EG 8.82023-02-14
Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.
- CVE-2023-24384MEDIUMCVSS 4.3EG 8.82023-02-23
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.
- CVE-2023-24388MEDIUMCVSS 4.3EG 5.42023-02-17
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete).
- CVE-2023-24395MEDIUMCVSS 5.4EG 5.42023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions.
- CVE-2023-2440HIGHCVSS 8.8EG 8.82023-11-22
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions…
- CVE-2023-24405MEDIUMCVSS 5.4EG 5.42023-07-10
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
- CVE-2023-24414MEDIUMCVSS 4.3EG 4.32023-05-20
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.
- CVE-2023-24415MEDIUMCVSS 5.4EG 8.82023-02-23
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions.
- CVE-2023-24417MEDIUMCVSS 4.3EG 4.32023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.
- CVE-2023-24419HIGHCVSS 7.1EG 8.82023-02-28
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions.
- CVE-2023-24421MEDIUMCVSS 5.4EG 5.42023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions.
- CVE-2023-24423MEDIUMCVSS 6.5EG 6.52023-01-26
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
- CVE-2023-24428MEDIUMCVSS 5.7EG 5.72023-01-26
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →