CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Yearly Trend
Top Affected Vendors
All Cross-Site Request Forgery (CSRF) CVEs (2,489)
A Cross-Site Request Forgery (CSRF) vulnerability in the Dsingh Purge Varnish Cache WordPress plugin allows attackers to trick authenticated administr...
Sep 5, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the To Lead For Salesforce WordPress plugin allows attackers to trick authenticated administrator...
Sep 5, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the ATT YouTube Widget WordPress plugin allows attackers to inject malicious scripts that execute...
Aug 28, 2025This CSRF vulnerability in the Clickbank WordPress Plugin (Niche Storefront) allows attackers to trick authenticated administrators into performing un...
Aug 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Kento Splash Screen WordPress plugin allows attackers to inject malicious scripts that become...
Aug 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the shmish111 WP Admin Theme WordPress plugin allows attackers to perform stored cross-site scrip...
Aug 28, 2025This CSRF vulnerability in the WPMU Ldap Authentication WordPress plugin allows attackers to trick authenticated administrators into executing malicio...
Aug 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the cuckoohello Baidu Share Button WordPress plugin allows attackers to inject malicious scripts ...
Aug 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the OffClicks Invisible Optin WordPress plugin allows attackers to inject malicious scripts that ...
Aug 28, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Newsletter subscription optin module WordPress plugin that can lead to Sto...
Aug 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Gary Illyes Google XML News Sitemap WordPress plugin allows attackers to perform stored cross...
Aug 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Savyour Affiliate Partner WordPress plugin allows attackers to perform actions on behalf of a...
Aug 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Instant Breaking News plugin allows attackers to perform stored cross-site scriptin...
Aug 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the NetInsight Analytics Implementation Plugin for WordPress allows attackers to perform stored c...
Aug 14, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the tosend.it Simple Poll WordPress plugin allows attackers to inject malicious scripts that beco...
Aug 14, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Import CDN-Remote Images plugin allows attackers to trick authenticated administrat...
Jul 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Track Everything plugin allows attackers to perform unauthorized actions on behalf ...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress re.place plugin allows attackers to perform unauthorized actions on behalf of authe...
Jun 27, 2025This CSRF vulnerability in the szajenw Społecznościowa 6 PL 2013 WordPress plugin allows attackers to trick authenticated users into performing unin...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in AcmeeDesign WPShapere Lite WordPress plugin allows attackers to inject malicious scripts that exe...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the HidePost WordPress plugin allows attackers to trick authenticated users into performing unint...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Looks Awesome OnionBuzz WordPress plugin allows attackers to inject malicious scripts that ex...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Forum Server WordPress plugin allows attackers to inject malicious scripts via forged requ...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress 'Image Slider With Description' plugin allows attackers to inject malicious scripts...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Hossin Asaadi WP Permalink Translator WordPress plugin allows attackers to perform stored cro...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Anton Bond Additional Order Filters for WooCommerce WordPress plugin allows attackers to perf...
Jun 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the devfelixmoira Knowledge Base Maker WordPress plugin allows attackers to perform stored cross-...
Jun 20, 2025This CSRF vulnerability in Esselink.nu Settings WordPress plugin allows attackers to trick authenticated administrators into performing unintended act...
Jun 20, 2025This CSRF vulnerability in the WP Front User Submit / Front Editor WordPress plugin allows attackers to trick authenticated administrators into perfor...
Jun 20, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Virtual Moderator WordPress plugin allows attackers to trick authenticated administrators int...
Jun 20, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Beee TinyNav WordPress plugin allows attackers to trick authenticated administrators into per...
Jun 20, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Change Cart button Colors WooCommerce WordPress plugin allows attackers to inject malicious s...
Jun 20, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Lewe ChordPress WordPress plugin allows attackers to perform unauthorized actions on behalf o...
Jun 20, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the uxper Civi Framework WordPress plugin allows attackers to trick authenticated users into perf...
Jun 10, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the BP Profile as Homepage WordPress plugin allows attackers to perform unauthorized actions on b...
Jun 6, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Widgetize Pages Light WordPress plugin that can lead to Stored Cross-Site ...
Jun 6, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Personal Favicon plugin allows attackers to perform stored cross-site scripting (XS...
Jun 6, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Free WP Mail SMTP WordPress plugin allows attackers to perform unauthorized actions on behalf...
Jun 6, 2025This CSRF vulnerability in the Mediabay WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions, wh...
Jun 6, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress CheckBot plugin allows attackers to perform actions as authenticated users, leading...
May 19, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Best Posts Summary plugin that leads to Stored Cross-Site Script...
May 19, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the AWcode Toolkit WordPress plugin that can lead to Stored Cross-Site Scripti...
May 19, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Affiliates Manager Google reCAPTCHA Integration WordPress plugin allows attackers to perform ...
May 19, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Import Export For WooCommerce WordPress plugin allows attackers to perform stored cross-site ...
May 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the ShayanWeb Admin FontChanger WordPress plugin allows attackers to inject malicious scripts via...
May 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows attackers to trick authenticated administrators...
May 16, 2025This vulnerability in the aBitGone CommentSafe WordPress plugin allows attackers to trick logged-in administrators into executing malicious actions wi...
May 15, 2025This vulnerability in the Marketing Twitter Bot WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that inject sto...
May 15, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Tobias WP2LEADS WordPress plugin allows attackers to perform stored cross-site scripting (XSS...
May 15, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Moloni Contribuinte Checkout WordPress plugin allows attackers to perform stored cross-site s...
May 7, 2025About Cross-Site Request Forgery (CSRF) (CWE-352)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Our database tracks 2,489 CVEs classified as CWE-352, with 67 rated critical and 1,407 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.7.
External reference: View CWE-352 on MITRE CWE →
Monitor Cross-Site Request Forgery (CSRF) Vulnerabilities
Get alerted when new Cross-Site Request Forgery (CSRF) CVEs affect your infrastructure.
Start Monitoring Free