CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Yearly Trend
Top Affected Vendors
All Cross-Site Request Forgery (CSRF) CVEs (2,505)
This CSRF vulnerability in the ShowTime Slideshow WordPress plugin allows attackers to trick authenticated administrators into performing actions that...
Mar 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin 'The Visitor Counter' allows attackers to perform unauthorized actions as au...
Mar 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Microblog Poster plugin allows attackers to perform unauthorized actions as authent...
Mar 28, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Strategy11 Team Terms of Use WordPress plugin allows attackers to inject malicious scripts vi...
Mar 28, 2025This CSRF vulnerability in the KK I Like It WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions...
Mar 28, 2025This CSRF vulnerability in the Cazamba WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions, whi...
Mar 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Secret Meta plugin allows attackers to trick authenticated administrators into perf...
Mar 27, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Store Locator Widget plugin that can lead to Stored Cross-Site S...
Mar 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in PressMaximum Currency Switcher for WooCommerce allows attackers to perform actions as authenticat...
Mar 27, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the EZ SQL Reports Shortcode Widget and DB Backup WordPress plugin allows attackers to perform st...
Mar 27, 2025This CSRF vulnerability in the WIP WooCarousel Lite WordPress plugin allows attackers to trick authenticated administrators into executing malicious a...
Mar 27, 2025This CSRF vulnerability in WP Odoo Form Integrator WordPress plugin allows attackers to trick authenticated administrators into performing unintended ...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the kornelly Translator WordPress plugin allows attackers to inject malicious scripts that become...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Anthony WordPress SQL Backup plugin allows attackers to perform unauthorized actions on behal...
Mar 24, 2025This CSRF vulnerability in the WordPress Replace Default Words plugin allows attackers to trick authenticated administrators into performing unintende...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the DEJAN CopyLink WordPress plugin allows attackers to perform stored cross-site scripting (XSS)...
Mar 24, 2025This CSRF vulnerability in the Map Contact WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, w...
Mar 24, 2025This CSRF vulnerability in the hotvanrod AdSense Privacy Policy WordPress plugin allows attackers to trick authenticated administrators into executing...
Mar 24, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the ProRankTracker WordPress plugin that can lead to Stored Cross-Site Scripti...
Mar 24, 2025This CSRF vulnerability in the AlphaOmega Captcha & Anti-Spam Filter WordPress plugin allows attackers to trick authenticated administrators into exec...
Mar 24, 2025This CSRF vulnerability in the bbodine1 cTabs WordPress plugin allows attackers to trick authenticated administrators into performing actions that inj...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the LH OGP Meta WordPress plugin allows attackers to perform stored cross-site scripting (XSS) at...
Mar 24, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Simple Rating WordPress plugin that can lead to Stored Cross-Site Scriptin...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Browser Address Bar Color WordPress plugin allows attackers to perform stored cross-site scri...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Custom Script Integration plugin allows attackers to inject malicious scripts via f...
Mar 24, 2025This CSRF vulnerability in the WordPress banner-manager plugin allows attackers to trick authenticated administrators into executing malicious actions...
Mar 24, 2025This CSRF vulnerability in the CAS Maestro WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions,...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the ANAC XML Render WordPress plugin allows attackers to perform actions as authenticated users, ...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WPShop.ru CallPhone'r WordPress plugin allows attackers to perform unauthorized actions as au...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Admin Bar Improved plugin allows attackers to trick authenticated administrators in...
Mar 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPres 同步微博 (wp2wb) WordPress plugin allows attackers to perform stored cross-site ...
Mar 24, 2025This CSRF vulnerability in Contact Form 7 Material Design WordPress plugin allows attackers to trick authenticated administrators into performing acti...
Mar 24, 2025A Cross-Site Request Forgery vulnerability in MLflow's signup feature allows attackers to create unauthorized accounts by tricking authenticated users...
Mar 20, 2025This vulnerability in the Limit Bio WordPress plugin allows attackers to trick logged-in administrators into executing Cross-Site Request Forgery (CSR...
Mar 13, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the DevriX Hashtags WordPress plugin allows attackers to perform stored cross-site scripting (XSS...
Mar 11, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Insert Code plugin allows attackers to trick authenticated administrators into exec...
Mar 11, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the MaxA/B WordPress plugin allows attackers to perform unauthorized actions as authenticated use...
Mar 11, 2025This CSRF vulnerability in the WordPress No Disposable Email plugin allows attackers to trick authenticated administrators into performing actions tha...
Mar 11, 2025This CSRF vulnerability in the WATI Chat and Notification WordPress plugin allows attackers to trick authenticated administrators into performing acti...
Mar 11, 2025This CSRF vulnerability in the WordPress Go To Top plugin allows attackers to trick authenticated administrators into executing malicious actions, lea...
Mar 11, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Steveorevo Domain Theme WordPress plugin allows attackers to perform stored cross-site script...
Mar 11, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress 'Members page only for logged in users' plugin allows attackers to perform stored c...
Mar 11, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Martin WP Compare Tables WordPress plugin allows attackers to perform stored cross-site scrip...
Mar 11, 2025This CSRF vulnerability in the Google News Editors Picks Feed Generator WordPress plugin allows attackers to trick authenticated administrators into e...
Mar 11, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP jQuery Persian Datepicker WordPress plugin allows attackers to perform stored cross-site s...
Mar 11, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Rankchecker.io Integration WordPress plugin allows attackers to perform unauthorized actions ...
Mar 11, 2025A Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design's WPBookit WordPress plugin allows attackers to perform stored cross-site scripting...
Mar 10, 2025Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay allows remote attackers to inject and execute arbitrary scri...
Mar 4, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the NotFound Curated Search WordPress plugin allows attackers to inject malicious scripts that be...
Mar 3, 2025This CSRF vulnerability in Tribulant Gallery Voting WordPress plugin allows attackers to trick authenticated administrators into executing malicious a...
Feb 25, 2025About Cross-Site Request Forgery (CSRF) (CWE-352)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Our database tracks 2,505 CVEs classified as CWE-352, with 68 rated critical and 1,422 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.8.
External reference: View CWE-352 on MITRE CWE →
Monitor Cross-Site Request Forgery (CSRF) Vulnerabilities
Get alerted when new Cross-Site Request Forgery (CSRF) CVEs affect your infrastructure.
Start Monitoring Free