CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Yearly Trend
Top Affected Vendors
All Cross-Site Request Forgery (CSRF) CVEs (2,505)
A Cross-Site Request Forgery (CSRF) vulnerability in the Listings for Buildium WordPress plugin allows attackers to perform actions as authenticated u...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the SOFTAGON WooCommerce Products without featured images WordPress plugin allows attackers to tr...
Apr 17, 2025A Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser WordPress plugin allows attackers to inject malicious scrip...
Apr 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the dsky Site Search 360 WordPress plugin allows attackers to inject malicious scripts that execu...
Apr 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress My auctions allegro plugin allows attackers to perform stored cross-site scripting ...
Apr 14, 2025A Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack WordPress plugin allows attackers to perform stored cross-site scripting (XS...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro for WooCommerce allows attackers to perform actions on behalf of authenticated user...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Nepali Date Utilities WordPress plugin allows attackers to perform actions as authenticated u...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the PlainInventory WordPress plugin allows attackers to perform stored cross-site scripting (XSS)...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the IP2Location World Clock WordPress plugin allows attackers to trick authenticated administrato...
Apr 9, 2025This CSRF vulnerability in the Nimbata Call Tracking WordPress plugin allows attackers to trick authenticated administrators into executing malicious ...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the KeyCAPTCHA WordPress plugin allows attackers to perform actions as authenticated users, leadi...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Kevon Adonis WP Abstracts WordPress plugin allows attackers to trick authenticated users into...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Foliopress WYSIWYG WordPress plugin allows attackers to trick authenticated administrators in...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Calais Auto Tagger WordPress plugin allows attackers to trick authenticated administrators...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP w3all phpBB WordPress plugin allows attackers to trick authenticated administrators into p...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Simple Post Meta Manager WordPress plugin allows attackers to perform unauthorized ...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the lemmentwickler ePaper Lister for Yumpu WordPress plugin allows attackers to perform stored cr...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer WordPress plugin allows attackers to perform stored cross-site scripting (XSS) ...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress VKontakte Cross-Post plugin allows attackers to perform unauthorized actions on beh...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Codescar Radio Widget WordPress plugin allows attackers to inject malicious scripts that exec...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Mathieu Chartier WP-Planification WordPress plugin allows attackers to perform stored cross-s...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Flags Widget WordPress plugin allows attackers to inject malicious scripts that execute when ...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Nino Social Connect WordPress plugin allows attackers to inject malicious scripts that become...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin 'MMX - Make Me Christmas' allows attackers to perform actions as authenticat...
Apr 9, 2025This CSRF vulnerability in the AF Tell a Friend WordPress plugin allows attackers to trick authenticated administrators into executing malicious actio...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP-Easy Menu WordPress plugin allows attackers to perform stored cross-site scripting (XSS) a...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Chandan Garg CG Scroll To Top WordPress plugin allows attackers to inject malicious scripts t...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Site Table of Contents plugin allows attackers to perform stored cross-site scripti...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the bdoga Social Crowd WordPress plugin allows attackers to perform stored cross-site scripting (...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Smart Product Gallery Slider WordPress plugin allows attackers to trick authenticated adminis...
Apr 9, 2025This CSRF vulnerability in the Scheduled WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions with...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Language Field WordPress plugin allows attackers to perform stored cross-site scripting (XSS)...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Pagopar WooCommerce Gateway WordPress plugin allows attackers to perform stored cross-site sc...
Apr 9, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the OTWthemes Sidebar Manager Light WordPress plugin allows attackers to trick authenticated admi...
Apr 4, 2025A Cross-Site Request Forgery (CSRF) vulnerability in Shamalli Web Directory Free WordPress plugin allows attackers to inject malicious scripts via for...
Apr 3, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the JSON Structuring Markup WordPress plugin allows attackers to perform stored cross-site script...
Apr 1, 2025This CSRF vulnerability in Infoway LLC's Ebook Downloader WordPress plugin allows attackers to trick authenticated administrators into performing unin...
Apr 1, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the richtexteditor Rich Text Editor WordPress plugin allows attackers to perform stored cross-sit...
Mar 31, 2025This CSRF vulnerability in the AB Google Map Travel WordPress plugin allows attackers to trick authenticated administrators into performing unintended...
Mar 31, 2025This CSRF vulnerability in the Varnish WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. It ...
Mar 31, 2025This CSRF vulnerability in the PostmarkApp Email Integrator WordPress plugin allows attackers to trick authenticated administrators into performing un...
Mar 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Copy Media URL WordPress plugin allows attackers to perform stored cross-site scripting (X...
Mar 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Leadfox for WordPress plugin allows attackers to trick authenticated administrators into perf...
Mar 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Rio Video Gallery WordPress plugin allows attackers to perform stored cross-site scripting (X...
Mar 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Related Posts with Thumbnails plugin allows attackers to perform stored cross-site ...
Mar 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the wp-buy Related Posts Widget with Thumbnails WordPress plugin allows attackers to perform stor...
Mar 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Video Embedder WordPress plugin allows attackers to perform stored cross-site scripting (XSS)...
Mar 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Login Alert plugin allows attackers to perform stored cross-site scripting (XSS) at...
Mar 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the OmniLeads Scripts and Tags Manager WordPress plugin allows attackers to inject malicious scri...
Mar 28, 2025About Cross-Site Request Forgery (CSRF) (CWE-352)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Our database tracks 2,505 CVEs classified as CWE-352, with 68 rated critical and 1,422 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.8.
External reference: View CWE-352 on MITRE CWE →
Monitor Cross-Site Request Forgery (CSRF) Vulnerabilities
Get alerted when new Cross-Site Request Forgery (CSRF) CVEs affect your infrastructure.
Start Monitoring Free