CWE-352: Cross-Site Request Forgery (CSRF)

The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Total CVEs: 2,484
Critical: 67
High: 1,402
Avg CVSS: 6.7

Yearly Trend

2026: 123
2025: 1,302
2024: 529
2023: 186
2022: 95

Top Affected Vendors

1. Jenkins: 55
2. Idccms: 25
3. IBM: 25
4. Netgear: 16
5. Dedecms: 14
6. Cisco: 12
7. Jfinalcms Project: 10
8. Flycms Project: 9
9. Oracle: 8
10. Enalean: 8

All Cross-Site Request Forgery (CSRF) CVEs (2,484)

CVE-2025-49343
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr WordPress plugin allows attackers to inject malicious scripts that e...

Dec 31, 2025
CVE-2025-49344
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress SensitiveTagCloud plugin allows attackers to inject malicious scripts that execute ...

Dec 31, 2025
CVE-2025-49345
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WP-EasyArchives WordPress plugin allows attackers to inject malicious scripts that execute wh...

Dec 31, 2025
CVE-2025-59137
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the eLEOPARD Behance Portfolio Manager WordPress plugin allows attackers to inject malicious scri...

Dec 31, 2025
CVE-2025-49346
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Simple Archive Generator plugin allows attackers to trick authenticated administrat...

Dec 31, 2025
CVE-2025-59131
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Hoernerfranz WP-CalDav2ICS WordPress plugin allows attackers to perform unauthorized actions ...

Dec 30, 2025
CVE-2025-1927
7.1

This CSRF vulnerability in Restajet Online Food Delivery System allows attackers to trick authenticated users into performing unintended actions on th...

Dec 19, 2025
CVE-2025-65203
7.1

KeePassXC-Browser versions through 1.9.9.2 automatically fill or prompt to fill stored credentials into documents rendered under browser-enforced CSP ...

Dec 17, 2025
CVE-2025-34429
7.1

This CSRF vulnerability in 1Panel allows attackers to change the web service port when authenticated users visit malicious pages. Affected users are t...

Dec 10, 2025
CVE-2025-34410
7.1

This CSRF vulnerability in 1Panel allows attackers to change authenticated users' usernames without consent via malicious webpages. When exploited, vi...

Dec 10, 2025
CVE-2025-67534
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Jacques Malgrange Rencontre WordPress plugin allows attackers to perform stored cross-site sc...

Dec 9, 2025
CVE-2025-63030
7.1

This CSRF vulnerability in the WordPress New User Approve plugin allows attackers to trick administrators into performing unintended actions. Attacker...

Dec 9, 2025
CVE-2025-49341
7.1

This Cross-Site Request Forgery (CSRF) vulnerability in PDF Creator Lite WordPress plugin allows attackers to trick authenticated administrators into ...

Dec 9, 2025
CVE-2025-49347
7.1

This CSRF vulnerability in the WP sIFR WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, leadi...

Dec 9, 2025
CVE-2025-49351
7.1

This CSRF vulnerability in the WordPress Create Posts & Terms plugin allows attackers to trick authenticated administrators into performing unintended...

Dec 9, 2025
CVE-2025-60075
7.1

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Reflected Cross-Site Scripting (XSS) in the Alle...

Oct 29, 2025
CVE-2025-62986
7.1

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the FanBridge WordPress plugin that allows attackers to inject malicious scrip...

Oct 27, 2025
CVE-2025-62005
7.1

This CSRF vulnerability in SUMO Memberships for WooCommerce allows attackers to trick authenticated administrators into performing unintended actions....

Oct 22, 2025
CVE-2025-60168
7.1

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the HotelRunner Booking Widget WordPress plugin that allows attackers to injec...

Oct 22, 2025
CVE-2025-60171
7.1

This CSRF vulnerability in the Conditional Cart Messages for WooCommerce plugin allows attackers to trick authenticated administrators into performing...

Sep 26, 2025
CVE-2025-60173
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Ashwani kumar GST for WooCommerce WordPress plugin allows attackers to perform stored cross-s...

Sep 26, 2025
CVE-2025-60164
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the NewsMAN NewsmanApp WordPress plugin allows attackers to perform stored cross-site scripting (...

Sep 26, 2025
CVE-2025-60169
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the W3SCloud Contact Form 7 to Zoho CRM WordPress plugin allows attackers to inject malicious scr...

Sep 26, 2025
CVE-2025-58956
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WP Attractive Donations System WordPress plugin allows attackers to trick authenticated admin...

Sep 22, 2025
CVE-2025-58688
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Casengo Live Chat Support WordPress plugin allows attackers to inject malicious scripts that ...

Sep 22, 2025
CVE-2025-58690
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Doliconnect WordPress plugin allows attackers to perform unauthorized actions on behalf of au...

Sep 22, 2025
CVE-2025-58670
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WP Content Protection WordPress plugin allows attackers to perform unauthorized actions on be...

Sep 22, 2025
CVE-2025-58676
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the extendyourweb HORIZONTAL SLIDER WordPress plugin allows attackers to inject malicious scripts...

Sep 22, 2025
CVE-2025-58657
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the EdwardBock Grid WordPress plugin allows attackers to perform stored cross-site scripting (XSS...

Sep 22, 2025
CVE-2025-58267
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Aftabul Islam Stock Message WordPress plugin allows attackers to perform stored cross-site sc...

Sep 22, 2025
CVE-2025-58270
7.1

This CSRF vulnerability in NIX Anti-Spam Light WordPress plugin allows attackers to trick authenticated administrators into performing unintended acti...

Sep 22, 2025
CVE-2025-58259
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Nokri WordPress theme allows attackers to trick authenticated users into performing unintende...

Sep 22, 2025
CVE-2025-58261
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment's Mavis HTTPS to HTTP Redirection WordPress plugin allows attackers to pe...

Sep 22, 2025
CVE-2025-57977
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Flexible PDF Invoices for WooCommerce & WordPress plugin allows attackers to trick authentica...

Sep 22, 2025
CVE-2025-57918
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the ERA404 LinkedInclude WordPress plugin allows attackers to inject malicious scripts that execu...

Sep 22, 2025
CVE-2025-58991
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WooCommerce Booking Bundle Hours WordPress plugin allows attackers to perform unauthorized ac...

Sep 9, 2025
CVE-2025-48104
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Floating Window Music Player WordPress plugin allows attackers to inject malicious scripts th...

Sep 5, 2025
CVE-2025-58859
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Add to Feedly plugin allows attackers to trick authenticated administrators into pe...

Sep 5, 2025
CVE-2025-58861
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Quick Event Calendar plugin allows attackers to trick authenticated administrators ...

Sep 5, 2025
CVE-2025-58849
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Hide Real Download Path plugin allows attackers to perform stored cross-site script...

Sep 5, 2025
CVE-2025-58852
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the MSTW League Manager WordPress plugin allows attackers to trick authenticated administrators i...

Sep 5, 2025
CVE-2025-58854
7.1

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Ultimate AJAX Login WordPress plugin that can lead to Reflected Cross-Site...

Sep 5, 2025
CVE-2025-58845
7.1

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the ChrisHurst Bulk Watermark WordPress plugin that can lead to Reflected Cros...

Sep 5, 2025
CVE-2025-58847
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Yaidier WN Flipbox Pro WordPress plugin allows attackers to perform unauthorized actions on b...

Sep 5, 2025
CVE-2025-58843
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Auto Last Youtube Video plugin allows attackers to perform stored cross-site script...

Sep 5, 2025
CVE-2025-58807
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Dsingh Purge Varnish Cache WordPress plugin allows attackers to trick authenticated administr...

Sep 5, 2025
CVE-2025-58809
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the To Lead For Salesforce WordPress plugin allows attackers to trick authenticated administrator...

Sep 5, 2025
CVE-2025-48359
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the ATT YouTube Widget WordPress plugin allows attackers to inject malicious scripts that execute...

Aug 28, 2025
CVE-2025-48353
7.1

This CSRF vulnerability in the Clickbank WordPress Plugin (Niche Storefront) allows attackers to trick authenticated administrators into performing un...

Aug 28, 2025
CVE-2025-48351
7.1

A Cross-Site Request Forgery (CSRF) vulnerability in the Kento Splash Screen WordPress plugin allows attackers to inject malicious scripts that become...

Aug 28, 2025

About Cross-Site Request Forgery (CSRF) (CWE-352)

Our database tracks 2,484 CVEs classified as CWE-352, with 67 rated critical and 1,402 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.7.

External reference: CWE-352 on MITRE CWE
