CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,843 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 85 of 177
- CVE-2023-25480MEDIUMCVSS 4.3EG 4.32023-10-06
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.
- CVE-2023-25481MEDIUMCVSS 5.4EG 5.42023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.
- CVE-2023-25482MEDIUMCVSS 4.3EG 4.32023-07-18
Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions.
- CVE-2023-25487MEDIUMCVSS 4.3EG 4.32023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions.
- CVE-2023-25489MEDIUMCVSS 4.3EG 4.32023-10-04
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions.
- CVE-2023-2549HIGHCVSS 8.8EG 8.82023-05-31
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This make…
- CVE-2023-2552HIGHCVSS 8.8EG 8.82023-05-05
Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.
- CVE-2023-25569MEDIUMCVSS 5.7EG 5.72023-02-20
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that …
- CVE-2023-2563MEDIUMCVSS 4.3EG 4.32023-06-13
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_ac…
- CVE-2023-25697MEDIUMCVSS 5.4EG 5.42024-06-19
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6.
- CVE-2023-25698MEDIUMCVSS 5.4EG 5.42023-05-18
Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions.
- CVE-2023-25706MEDIUMCVSS 5.4EG 5.42023-07-11
Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.
- CVE-2023-25707MEDIUMCVSS 6.3EG 6.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.
- CVE-2023-25708MEDIUMCVSS 4.3EG 8.82023-03-15
Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions.
- CVE-2023-25709MEDIUMCVSS 5.4EG 8.82023-03-15
Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions.
- CVE-2023-25767HIGHCVSS 8.8EG 8.82023-02-15
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server.
- CVE-2023-25788MEDIUMCVSS 6.3EG 6.32023-10-04
Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.
- CVE-2023-25832HIGHCVSS 8.8EG 6.82023-05-09
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.
- CVE-2023-25967MEDIUMCVSS 4.3EG 4.32023-05-03
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0 versions.
- CVE-2023-25968MEDIUMCVSS 4.3EG 8.82023-03-15
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions.
- CVE-2023-25971MEDIUMCVSS 4.3EG 4.32023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions.
- CVE-2023-25973MEDIUMCVSS 5.4EG 8.82023-03-13
Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions.
- CVE-2023-25975MEDIUMCVSS 5.4EG 8.82023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions.
- CVE-2023-25976MEDIUMCVSS 4.3EG 4.32023-05-26
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions.
- CVE-2023-25980MEDIUMCVSS 4.3EG 4.32023-10-04
Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions.
- CVE-2023-25985MEDIUMCVSS 4.3EG 4.32023-11-18
Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips.This issue affects WordPress Tooltips: from n/a through 8.2.5.
- CVE-2023-25986MEDIUMCVSS 4.3EG 4.32023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen – Ancienne version plugin <= 4.10.2 versions.
- CVE-2023-25987MEDIUMCVSS 4.3EG 4.32023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Urošević My YouTube Channel plugin <= 3.23.3 versions.
- CVE-2023-25989MEDIUMCVSS 4.3EG 4.32023-10-03
Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks…
- CVE-2023-2599LOWCVSS 3.1EG 3.12023-06-09
The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verific…
- CVE-2023-25991MEDIUMCVSS 5.4EG 8.82023-03-13
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions.
- CVE-2023-25994MEDIUMCVSS 5.4EG 8.82023-11-09
Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions.
- CVE-2023-2601CRITICALCVSS 9.8EG 9.82023-06-27
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.
- CVE-2023-26011MEDIUMCVSS 4.3EG 4.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions.
- CVE-2023-26014MEDIUMCVSS 4.3EG 4.32023-05-23
Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 vulnerability.
- CVE-2023-2608LOWCVSS 3.1EG 3.12023-05-17
The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verificatio…
- CVE-2023-26248MEDIUMCVSS 5.3EG 5.32024-10-25
The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distanc…
- CVE-2023-2627MEDIUMCVSS 4.3EG 4.32023-06-27
The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary…
- CVE-2023-2628HIGHCVSS 8.8EG 8.82023-06-27
The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This include…
- CVE-2023-2631MEDIUMCVSS 4.3EG 4.32023-05-16
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
- CVE-2023-26514MEDIUMCVSS 5.4EG 5.42023-11-13
Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin <= 1.3.3 versions.
- CVE-2023-26516HIGHCVSS 8.8EG 8.82023-11-13
Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.
- CVE-2023-26518MEDIUMCVSS 5.4EG 5.42023-11-13
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions.
- CVE-2023-26524MEDIUMCVSS 4.3EG 4.32023-11-13
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions.
- CVE-2023-26531MEDIUMCVSS 5.4EG 5.42023-11-13
Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.This issue affects 多合一搜索自动推送管理插��…
- CVE-2023-26532MEDIUMCVSS 5.4EG 5.42023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.
- CVE-2023-26535MEDIUMCVSS 5.4EG 5.42023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions.
- CVE-2023-26542MEDIUMCVSS 5.4EG 5.42023-11-22
Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions.
- CVE-2023-26543MEDIUMCVSS 4.3EG 4.32023-11-13
Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions.
- CVE-2023-26839MEDIUMCVSS 4.3EG 4.32023-04-25
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →