CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Yearly Trend
Top Affected Vendors
All Cross-Site Request Forgery (CSRF) CVEs (2,496)
A Cross-Site Request Forgery (CSRF) vulnerability in the Import Export For WooCommerce WordPress plugin allows attackers to perform stored cross-site ...
May 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the ShayanWeb Admin FontChanger WordPress plugin allows attackers to inject malicious scripts via...
May 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows attackers to trick authenticated administrators...
May 16, 2025This vulnerability in the aBitGone CommentSafe WordPress plugin allows attackers to trick logged-in administrators into executing malicious actions wi...
May 15, 2025This vulnerability in the Marketing Twitter Bot WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that inject sto...
May 15, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Tobias WP2LEADS WordPress plugin allows attackers to perform stored cross-site scripting (XSS...
May 15, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Moloni Contribuinte Checkout WordPress plugin allows attackers to perform stored cross-site s...
May 7, 2025This CSRF vulnerability in the Supertext Translation and Proofreading WordPress plugin allows attackers to trick authenticated administrators into per...
May 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the axima Pays – WooCommerce Payment Gateway WordPress plugin allows attackers to perform store...
May 7, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Martins Free Monetized Ad Exchange Network WordPress plugin that can lead ...
May 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the AresIT WP Compress WordPress plugin allows attackers to trick authenticated administrators in...
May 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Accept Donations with PayPal WordPress plugin allows attackers to inject malicious scripts th...
May 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Steve Availability Calendar WordPress plugin allows attackers to inject malicious scripts tha...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Hacklog Remote Attachment WordPress plugin allows attackers to perform unauthorized actions o...
Apr 24, 2025This vulnerability in the WordPress plugin 'Related Posts via Taxonomies' allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that l...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Billy Bryant Tabs WordPress plugin allows attackers to inject malicious scripts that become s...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Filter Post Category WordPress plugin allows attackers to perform stored cross-site script...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Contact Form 7 Calendar WordPress plugin allows attackers to perform stored cross-site script...
Apr 24, 2025This CSRF vulnerability in the Shamim Hasan Custom Functions WordPress plugin allows attackers to trick authenticated administrators into executing ma...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Milat jQuery Automatic Popup WordPress plugin allows attackers to perform stored cross-site s...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Vasaio QR Code WordPress plugin allows attackers to perform stored cross-site scripting (XSS)...
Apr 24, 2025This CSRF vulnerability in the Lora77 WpZon Amazon Affiliate WordPress plugin allows attackers to trick authenticated administrators into executing ma...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Advanced lazy load WordPress plugin allows attackers to inject malicious scripts that become ...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Navegg Analytics WordPress plugin allows attackers to inject malicious scripts via stored XSS...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Call Now PHT Blog WordPress plugin allows attackers to inject malicious scripts via stored XS...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Print Science Designer WordPress plugin allows attackers to inject malicious scripts that bec...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Olav Kolbu Google News WordPress plugin allows attackers to perform stored cross-site scripti...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Wp Custom CMS Block WordPress plugin allows attackers to perform stored cross-site scripting ...
Apr 24, 2025This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site Scripting (XSS) in the KiotVie...
Apr 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the VikRestaurants WordPress plugin allows attackers to trick authenticated administrators into p...
Apr 22, 2025This CSRF vulnerability in the IP2Location Variables WordPress plugin allows attackers to trick authenticated administrators into executing malicious ...
Apr 17, 2025This Cross-Site Request Forgery (CSRF) vulnerability in the Rajesh Broken Links Remover WordPress plugin allows attackers to perform stored cross-site...
Apr 17, 2025This CSRF vulnerability in the WordPress Review Wave - Google Places Reviews plugin allows attackers to trick authenticated administrators into perfor...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Amazon Showcase WordPress plugin allows attackers to trick authenticated administrators into ...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the beke_ro Bknewsticker WordPress plugin allows attackers to perform stored cross-site scripting...
Apr 17, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress My Marginalia plugin that leads to Stored Cross-Site Scripting (...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the PResponsive WP Social Bookmarking WordPress plugin allows attackers to inject malicious scrip...
Apr 17, 2025This CSRF vulnerability in the Simple Maps WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, l...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress spam-stopper plugin allows attackers to perform actions as authenticated users, lea...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress 'translit it!' plugin allows attackers to perform stored cross-site scripting (XSS)...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the ajayver RSS Manager WordPress plugin allows attackers to inject malicious scripts that become...
Apr 17, 2025This CSRF vulnerability in the WordPress Restrict User Registration plugin allows attackers to trick authenticated administrators into performing unin...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Listings for Buildium WordPress plugin allows attackers to perform actions as authenticated u...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the SOFTAGON WooCommerce Products without featured images WordPress plugin allows attackers to tr...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser WordPress plugin allows attackers to inject malicious scrip...
Apr 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the dsky Site Search 360 WordPress plugin allows attackers to inject malicious scripts that execu...
Apr 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress My auctions allegro plugin allows attackers to perform stored cross-site scripting ...
Apr 14, 2025A Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack WordPress plugin allows attackers to perform stored cross-site scripting (XS...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro for WooCommerce allows attackers to perform actions on behalf of authenticated user...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Nepali Date Utilities WordPress plugin allows attackers to perform actions as authenticated u...
Apr 9, 2025About Cross-Site Request Forgery (CSRF) (CWE-352)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Our database tracks 2,496 CVEs classified as CWE-352, with 67 rated critical and 1,414 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.8.
External reference: View CWE-352 on MITRE CWE →
Monitor Cross-Site Request Forgery (CSRF) Vulnerabilities
Get alerted when new Cross-Site Request Forgery (CSRF) CVEs affect your infrastructure.
Start Monitoring Free