CWE-352: Cross-Site Request Forgery (CSRF)

The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Total CVEs: 2,505
Critical: 68
High: 1,422
Avg CVSS: 6.8

Yearly Trend

2026: 123
2025: 1,302
2024: 529
2023: 186
2022: 95

Top Affected Vendors

1. Jenkins (55)
2. IBM (27)
3. Idccms (25)
4. Netgear (17)
5. Dedecms (14)
6. Cisco (13)
7. Jfinalcms Project (10)
8. Flycms Project (9)
9. Oracle (8)
10. Enalean (8)

All Cross-Site Request Forgery (CSRF) CVEs (2,505)

CVE-2025-24749 (CVSS 7.1, Jan 31, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD's EZPZ SAML SP Single Sign On (SSO) WordPress plugin allows attacker...

CVE-2025-24549 (CVSS 7.1, Jan 31, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Post Meta plugin allows attackers to perform unauthorized actions on behalf of auth...

CVE-2025-23989 (CVSS 7.1, Jan 31, 2025)
This CSRF vulnerability in the WordPress Internal Link Builder plugin allows attackers to trick authenticated administrators into performing unintende...

CVE-2025-23990 (CVSS 7.1, Jan 31, 2025)
This CSRF vulnerability in the Scroll Styler WordPress plugin allows attackers to trick authenticated administrators into performing unintended action...

CVE-2025-23976 (CVSS 7.1, Jan 31, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the Issuu Panel WordPress plugin allows attackers to perform actions as authenticated users, lead...

CVE-2025-23977 (CVSS 7.1, Jan 31, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the Bhaskar Dhote Post Carousel Slider WordPress plugin allows attackers to perform stored cross-...

CVE-2025-23978 (CVSS 7.1, Jan 31, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the Ninos Ego FlashCounter WordPress plugin allows attackers to perform stored cross-site scripti...

CVE-2025-23980 (CVSS 7.1, Jan 31, 2025)
This CSRF vulnerability in the WordPress Full Circle plugin allows attackers to trick authenticated administrators into performing unintended actions,...

CVE-2024-13057 (CVSS 7.1, Jan 27, 2025)
This vulnerability in the Dyn Business Panel WordPress plugin allows attackers to trick logged-in administrators into executing Cross-Site Scripting (...

CVE-2025-24756 (CVSS 7.1, Jan 24, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the mgplugin Roi Calculator WordPress plugin allows attackers to perform stored cross-site script...

CVE-2025-24636 (CVSS 7.1, Jan 24, 2025)
This CSRF vulnerability in MachForm Shortcode WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions...

CVE-2025-24555 (CVSS 7.1, Jan 24, 2025)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Subscription DNA WordPress plugin that can lead to Stored Cross-Site Scrip...

CVE-2025-24561 (CVSS 7.1, Jan 24, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the ReviewsTap WordPress plugin allows attackers to perform stored cross-site scripting (XSS) att...

CVE-2025-24562 (CVSS 7.1, Jan 24, 2025)
This CSRF vulnerability in KBucket WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, leading t...

CVE-2025-22768 (CVSS 7.1, Jan 23, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the Rocket Media Library Mime Type WordPress plugin allows attackers to perform unauthorized acti...

CVE-2025-23803 (CVSS 7.1, Jan 22, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the PQINA Snippy WordPress plugin allows attackers to perform Reflected Cross-Site Scripting (XSS...

CVE-2025-23806 (CVSS 7.1, Jan 22, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the ThemeFarmer Ultimate Subscribe WordPress plugin allows attackers to trick authenticated admin...

CVE-2025-24001 (CVSS 7.1, Jan 21, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the PPO Call To Actions WordPress plugin allows attackers to trick authenticated administrators i...

CVE-2025-23901 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the Oliver Schaal GravatarLocalCache WordPress plugin allows attackers to trick authenticated adm...

CVE-2025-23902 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Error Notification plugin allows attackers to trick authenticated administrators in...

CVE-2025-23898 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery vulnerability in the Apply with LinkedIn buttons WordPress plugin allows attackers to perform stored cross-site scripting...

CVE-2025-23900 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the Genkisan Genki Announcement WordPress plugin allows attackers to trick authenticated administ...

CVE-2025-23895 (CVSS 7.1, Jan 16, 2025)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Add RSS plugin that can lead to Stored Cross-Site Scripting (XSS...

CVE-2025-23880 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the amr personalise WordPress plugin allows attackers to trick authenticated administrators into ...

CVE-2025-23884 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in the Annie WordPress plugin allows attackers to trick authenticated users into performing unintended actions. It affects all...

CVE-2025-23875 (CVSS 7.1, Jan 16, 2025)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin 'Better Protected Pages' that can lead to Stored Cross-Si...

CVE-2025-23870 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in the WordPress Copyright Safeguard Footer Notice plugin allows attackers to trick authenticated administrators into performi...

CVE-2025-23871 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the LSD Google Maps Embedder WordPress plugin allows attackers to trick authenticated administrat...

CVE-2025-23872 (CVSS 7.1, Jan 16, 2025)
This Cross-Site Request Forgery (CSRF) vulnerability in the PayForm WordPress plugin allows attackers to trick authenticated administrators into perfo...

CVE-2025-23869 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the CJ Custom Content WordPress plugin allows attackers to perform stored cross-site scripting (X...

CVE-2025-23844 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Custom Widget Classes plugin allows attackers to trick authenticated administrators...

CVE-2025-23848 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the Hotspots Analytics WordPress plugin allows attackers to perform stored cross-site scripting (...

CVE-2025-23861 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in the Debt Calculator WordPress plugin allows attackers to trick authenticated administrators into performing unintended acti...

CVE-2025-23832 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in the WordPress Admin Cleanup plugin allows attackers to trick authenticated administrators into performing unintended action...

CVE-2025-23842 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in the Nilesh Shiragave WordPress Gallery Plugin allows attackers to trick authenticated administrators into performing uninte...

CVE-2025-23822 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Category Custom Fields plugin allows attackers to trick authenticated administrator...

CVE-2025-23823 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the jprintf CNZZ&51LA for WordPress plugin allows attackers to trick authenticated administrators...

CVE-2025-23810 (CVSS 7.1, Jan 16, 2025)
This vulnerability in the Len Slider WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Reflected Cro...

CVE-2025-23815 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in the linickx root Cookie WordPress plugin allows attackers to trick authenticated administrators into performing unintended ...

CVE-2025-23817 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the MHR-Custom-Anti-Copy WordPress plugin allows attackers to perform stored cross-site scripting...

CVE-2025-23818 (CVSS 7.1, Jan 16, 2025)
This Cross-Site Request Forgery (CSRF) vulnerability in the WordPress More Link Modifier plugin allows attackers to trick authenticated administrators...

CVE-2025-23820 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in Content Security Policy Pro WordPress plugin allows attackers to trick authenticated administrators into performing uninten...

CVE-2025-23821 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the Aleapp WP Cookies Alert WordPress plugin allows attackers to trick authenticated administrato...

CVE-2025-23808 (CVSS 7.1, Jan 16, 2025)
This vulnerability in the WordPress Custom List Table Example plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead t...

CVE-2025-23801 (CVSS 7.1, Jan 16, 2025)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Style Admin plugin that can lead to Stored Cross-Site Scripting ...

CVE-2025-23804 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in the WP Service Payment Form With Authorize.net WordPress plugin allows attackers to trick authenticated administrators into...

CVE-2025-23805 (CVSS 7.1, Jan 16, 2025)
This CSRF vulnerability in SEOReseller Partner WordPress plugin allows attackers to trick authenticated administrators into performing unintended acti...

CVE-2025-23793 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP WordPress plugin allows attackers to perform stored cross-site scripting (...

CVE-2025-23715 (CVSS 7.1, Jan 16, 2025)
A Cross-Site Request Forgery (CSRF) vulnerability in the RaymondDesign Post & Page Notes WordPress plugin allows attackers to perform stored cross-sit...

CVE-2025-23717 (CVSS 7.1, Jan 16, 2025)
This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site Scripting (XSS) in the Theme M...

About Cross-Site Request Forgery (CSRF) (CWE-352)

Our database tracks 2,505 CVEs classified as CWE-352, with 68 rated critical and 1,422 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.8.

External reference: CWE-352 on MITRE CWE.