CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,849 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 95 of 177
- CVE-2023-44478HIGHCVSS 7.1EG 7.12024-05-17
Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich Snippets for Google allows Exploitation of Trusted Credentials.This issue affects Events Rich Snippets for Google: from n/a through 1.8.
- CVE-2023-4454MEDIUMCVSS 5.7EG 5.72023-08-21
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
- CVE-2023-4455MEDIUMCVSS 6.5EG 6.52023-08-21
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
- CVE-2023-44811HIGHCVSS 8.8EG 8.82023-10-09
Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.
- CVE-2023-44993HIGHCVSS 8.8EG 4.32023-10-09
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.
- CVE-2023-44994HIGHCVSS 8.8EG 4.32023-10-10
Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.
- CVE-2023-44995HIGHCVSS 8.8EG 5.42023-10-10
Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions.
- CVE-2023-44996HIGHCVSS 8.8EG 5.42023-10-10
Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions.
- CVE-2023-44997HIGHCVSS 8.8EG 5.42023-10-11
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions.
- CVE-2023-44998HIGHCVSS 8.8EG 4.32023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions.
- CVE-2023-44999MEDIUMCVSS 5.4EG 5.42024-03-27
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.
- CVE-2023-45011HIGHCVSS 8.8EG 4.32023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.
- CVE-2023-45047HIGHCVSS 8.8EG 7.12023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions.
- CVE-2023-45048HIGHCVSS 8.8EG 5.42023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions.
- CVE-2023-45052HIGHCVSS 8.8EG 4.32023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.
- CVE-2023-45058HIGHCVSS 8.8EG 4.32023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.
- CVE-2023-45060HIGHCVSS 8.8EG 5.42023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.
- CVE-2023-45063HIGHCVSS 8.8EG 4.32023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.
- CVE-2023-45068HIGHCVSS 8.8EG 5.42023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.
- CVE-2023-45102HIGHCVSS 8.8EG 5.42023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions.
- CVE-2023-45103HIGHCVSS 8.8EG 4.32023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
- CVE-2023-45106HIGHCVSS 8.8EG 4.32023-10-12
Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.
- CVE-2023-45107HIGHCVSS 8.8EG 4.32023-10-13
Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.
- CVE-2023-45108HIGHCVSS 8.8EG 4.32023-10-13
Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.
- CVE-2023-45109HIGHCVSS 8.8EG 5.42023-10-13
Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions.
- CVE-2023-45128HIGHCVSS 8.8EG 10.02023-10-16
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf …
- CVE-2023-45141HIGHCVSS 8.8EG 8.62023-10-16
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user.…
- CVE-2023-45267HIGHCVSS 8.8EG 4.32023-10-13
Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions.
- CVE-2023-45268HIGHCVSS 8.8EG 4.32023-10-13
Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions.
- CVE-2023-45269MEDIUMCVSS 5.4EG 5.42023-10-13
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.
- CVE-2023-45270HIGHCVSS 8.8EG 4.32023-10-13
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.
- CVE-2023-45273HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions.
- CVE-2023-45274HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.
- CVE-2023-45276HIGHCVSS 8.8EG 5.42023-10-13
Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions.
- CVE-2023-45316HIGHCVSS 8.8EG 7.32023-12-12
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to …
- CVE-2023-45317HIGHCVSS 8.8EG 8.82023-10-26
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a log…
- CVE-2023-45374MEDIUMCVSS 5.3EG 5.32023-10-09
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:Upda…
- CVE-2023-45605HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions.
- CVE-2023-45606HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.
- CVE-2023-45629HIGHCVSS 8.8EG 5.42023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.
- CVE-2023-45638HIGHCVSS 8.8EG 6.52023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions.
- CVE-2023-45639HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions.
- CVE-2023-45641HIGHCVSS 8.8EG 5.42023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions.
- CVE-2023-45642HIGHCVSS 8.8EG 5.42023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions.
- CVE-2023-45643HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.
- CVE-2023-45645HIGHCVSS 8.8EG 5.42023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions.
- CVE-2023-45647HIGHCVSS 8.8EG 5.42023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions.
- CVE-2023-45650HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions.
- CVE-2023-45651HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11.
- CVE-2023-45653HIGHCVSS 8.8EG 4.32023-10-16
Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →