CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Yearly Trend
Top Affected Vendors
All Cross-Site Request Forgery (CSRF) CVEs (2,505)
This CSRF vulnerability in the Woocommerce - Loi Hamon WordPress plugin allows attackers to trick authenticated administrators into performing uninten...
Feb 24, 2025This CSRF vulnerability in the Smart Maintenance & Countdown WordPress plugin allows attackers to trick authenticated administrators into executing ma...
Feb 24, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Blighty Blightly Explorer WordPress plugin allows attackers to perform stored cross-site scri...
Feb 24, 2025This CSRF vulnerability in the WordPress 'Add Linked Images To Gallery' plugin allows attackers to trick authenticated administrators into performing ...
Feb 24, 2025This vulnerability in the what3words Address Field WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to...
Feb 16, 2025This CSRF vulnerability in the Content Snippet Manager WordPress plugin allows attackers to trick authenticated administrators into executing maliciou...
Feb 16, 2025This CSRF vulnerability in the WP Coder WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, lead...
Feb 14, 2025This CSRF vulnerability in the Disqus Popular Posts WordPress plugin allows attackers to trick authenticated administrators into performing actions th...
Feb 14, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Page/Post Specific Social Share Buttons plugin allows attackers to inject malicious...
Feb 13, 2025This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site Scripting (XSS) in the TinyMCE...
Feb 13, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Post Thumbs plugin allows attackers to perform unauthorized actions as authenticate...
Feb 13, 2025This CSRF vulnerability in the Glance That WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions....
Feb 13, 2025Cross-Site Request Forgery (CSRF) vulnerability in wibiya Wibiya Toolbar WordPress plugin allows attackers to trick authenticated administrators into ...
Feb 13, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP PHPList WordPress plugin allows attackers to trick authenticated administrators into perfo...
Feb 13, 2025This CSRF vulnerability in the DX-auto-publish WordPress plugin allows attackers to trick authenticated administrators into executing malicious action...
Feb 13, 2025This CSRF vulnerability in the Simple Documentation WordPress plugin allows attackers to trick authenticated administrators into performing actions wi...
Feb 13, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Shambhu Patnaik RSS Filter WordPress plugin allows attackers to perform stored cross-site scr...
Feb 13, 2025This CSRF vulnerability in the Easy Amazon Product Information WordPress plugin allows attackers to trick authenticated administrators into executing ...
Feb 13, 2025This CSRF vulnerability in the WordPress plugin 'Related Posts Line-up-Exactly by Milliard' allows attackers to trick authenticated administrators int...
Feb 13, 2025This CSRF vulnerability in the My Login Logout WordPress plugin allows attackers to trick authenticated administrators into performing actions without...
Feb 13, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Html Page Sitemap WordPress plugin allows attackers to perform stored cross-site scripting...
Feb 13, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Global Meta Keyword & Description plugin allows attackers to perform stored cross-s...
Feb 13, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Simple Responsive Menu WordPress plugin allows attackers to perform stored cross-site scripti...
Feb 13, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the InLocation WordPress plugin that allows attackers to inject malicious scri...
Feb 7, 2025A CSRF vulnerability in the BookPress WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, which ...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Custom Comment Notifications plugin allows attackers to trick authenticated adminis...
Feb 7, 2025This CSRF vulnerability in the WordPress Quote Comments plugin allows attackers to trick authenticated administrators into executing malicious actions...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Style Tweaker plugin allows attackers to perform stored cross-site scripting (XSS) ...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Phillip.Gooch Auto SEO WordPress plugin allows attackers to perform stored cross-site scripti...
Feb 7, 2025This CSRF vulnerability in the WordPress Read More Copy Link plugin allows attackers to trick authenticated administrators into performing actions tha...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Danillo Nunes Login-box WordPress plugin allows attackers to inject malicious scripts that be...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Smart DoFollow WordPress plugin allows attackers to perform actions as authenticated users, l...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Simple Auto Tag WordPress plugin allows attackers to perform stored cross-site scripting (XSS...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Simple User Profile plugin allows attackers to perform stored cross-site scripting ...
Feb 7, 2025This CSRF vulnerability in the Facilita Form Tracker WordPress plugin allows attackers to trick authenticated administrators into performing actions w...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin 'Custom Links On Admin Dashboard Toolbar' allows attackers to trick authenti...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress On Page SEO + Whatsapp Chat Button plugin allows attackers to inject malicious scri...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Custom Post RSS Feed WordPress plugin allows attackers to perform stored cross-site script...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the xdark Easy Related Posts WordPress plugin allows attackers to perform stored cross-site scrip...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the CyrilG Fyrebox Quizzes WordPress plugin allows attackers to perform stored cross-site scripti...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the zmseo ZMSEO WordPress plugin allows attackers to perform stored cross-site scripting (XSS) at...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the mraliende URL-Preview-Box WordPress plugin allows attackers to trick authenticated administra...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Keyword Monitor WordPress plugin allows attackers to perform stored cross-site scripting (...
Feb 7, 2025This CSRF vulnerability in the WP Admin Custom Page WordPress plugin allows attackers to trick authenticated administrators into executing malicious a...
Feb 7, 2025This CSRF vulnerability in WP Social Stream WordPress plugin allows attackers to trick authenticated administrators into performing actions that injec...
Feb 7, 2025This vulnerability in the WordPress 'Show notice or message on admin area' plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attack...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Vignette Ads plugin allows attackers to perform stored cross-site scripting (XSS) a...
Feb 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Forge – Front-End Page Builder WordPress plugin allows attackers to perform stored cross-si...
Feb 3, 2025This CSRF vulnerability in the Unlimited Page Sidebars WordPress plugin allows attackers to trick authenticated administrators into executing maliciou...
Feb 3, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Tags to Keywords plugin allows attackers to inject malicious scripts via stored XSS...
Feb 3, 2025About Cross-Site Request Forgery (CSRF) (CWE-352)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Our database tracks 2,505 CVEs classified as CWE-352, with 68 rated critical and 1,422 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.8.
External reference: View CWE-352 on MITRE CWE →
Monitor Cross-Site Request Forgery (CSRF) Vulnerabilities
Get alerted when new Cross-Site Request Forgery (CSRF) CVEs affect your infrastructure.
Start Monitoring Free