CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Yearly Trend
Top Affected Vendors
All Cross-Site Request Forgery (CSRF) CVEs (2,505)
A Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Web Push WordPress plugin allows attackers to inject malicious scripts via stored XSS. Th...
Jan 16, 2025This CSRF vulnerability in the Social Analytics WordPress plugin allows attackers to trick authenticated administrators into executing malicious actio...
Jan 16, 2025This CSRF vulnerability in the WordPress Call me Now plugin allows attackers to trick authenticated administrators into executing malicious actions, l...
Jan 16, 2025This vulnerability in the Mahdi Khaksar mybb Last Topics WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that l...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Anonymize Links plugin allows attackers to perform stored cross-site scripting (XSS...
Jan 16, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Free MailClient FMC WordPress plugin that can lead to Stored Cross-Site Sc...
Jan 16, 2025This vulnerability in the DF Draggable WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cros...
Jan 16, 2025This CSRF vulnerability in the Flying Twitter Birds WordPress plugin allows attackers to trick authenticated administrators into performing actions th...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Kapost WordPress plugin allows attackers to inject malicious scripts that become stored XSS. ...
Jan 16, 2025This vulnerability in the WordPress plugin 'Hack me if you can' allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Sto...
Jan 16, 2025This CSRF vulnerability in the Book a Place WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, ...
Jan 16, 2025This CSRF vulnerability in the WordPress Send to Twitter plugin allows attackers to trick authenticated administrators into performing actions that in...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Slider for Writers WordPress plugin allows attackers to perform stored cross-site scripting (...
Jan 16, 2025This CSRF vulnerability in the Secure CAPTCHA WordPress plugin allows attackers to trick authenticated administrators into executing actions that inje...
Jan 16, 2025This CSRF vulnerability in the Shabbos and Yom Tov WordPress plugin allows attackers to trick authenticated administrators into performing actions tha...
Jan 16, 2025This vulnerability in the WP Custom Google Search WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to ...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slider WordPress plugin allows attackers to perform stored cross-site scripting (X...
Jan 16, 2025This vulnerability in the Ryan Sutana WP Panoramio WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to...
Jan 16, 2025This vulnerability in the Real Seguro Viagem WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Store...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Rapid Sort RSV GMaps WordPress plugin allows attackers to perform stored cross-site scripting...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Email on Publish plugin allows attackers to perform stored cross-site scripting (XS...
Jan 16, 2025This CSRF vulnerability in the Import Users to MailChimp WordPress plugin allows attackers to trick authenticated administrators into performing unint...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the DSmidgy HTTP to HTTPS link changer WordPress plugin allows attackers to inject malicious scri...
Jan 16, 2025This CSRF vulnerability in the Auphonic Importer WordPress plugin allows attackers to trick authenticated administrators into executing malicious acti...
Jan 16, 2025This CSRF vulnerability in the VinΓcius Krolow Twitter Post WordPress plugin allows attackers to trick authenticated administrators into executing ma...
Jan 16, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Hernan Javier Hegykozi MercadoLibre Integration WordPress plugin that can ...
Jan 16, 2025This CSRF vulnerability in Walter Cerrudo MFPlugin WordPress plugin allows attackers to trick authenticated administrators into performing actions tha...
Jan 16, 2025This CSRF vulnerability in Floatbox Plus WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, lea...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Andrea Brandi Twitter Shortcode WordPress plugin allows attackers to perform stored cross-sit...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Comment-Emailer plugin allows attackers to perform stored cross-site scripting (XSS...
Jan 16, 2025This CSRF vulnerability in the MDC YouTube Downloader WordPress plugin allows attackers to trick authenticated administrators into performing unintend...
Jan 16, 2025This vulnerability in the WordPress Rename Author Slug plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Store...
Jan 16, 2025This CSRF vulnerability in the Intuitive Design GDReseller WordPress plugin allows attackers to trick authenticated administrators into executing mali...
Jan 16, 2025A CSRF vulnerability in the Kelvin Ng Shortcode in Comment WordPress plugin allows attackers to trick authenticated users into executing malicious act...
Jan 16, 2025This CSRF vulnerability in the UpDownUpDown WordPress plugin allows attackers to trick authenticated users into performing unintended actions, which c...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Background Tile WordPress plugin allows attackers to perform stored cross-site scripting (...
Jan 16, 2025This CSRF vulnerability in the Word Freshener WordPress plugin allows attackers to trick authenticated administrators into performing actions that inj...
Jan 16, 2025This CSRF vulnerability in the WordPress 'Add Custom Google Tag Manager' plugin allows attackers to trick authenticated administrators into executing ...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin 'Find Your Reps' allows attackers to perform stored cross-site scripting (XS...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the digfish Geotagged Media WordPress plugin allows attackers to perform actions as authenticated...
Jan 16, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the MemeOne WordPress plugin that can lead to Stored Cross-Site Scripting (XSS...
Jan 16, 2025This vulnerability in the Web Testimonials WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored ...
Jan 16, 2025This vulnerability in the Syed Amir Hussain Custom Post WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that le...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP-BlackCheck WordPress plugin allows attackers to perform actions as authenticated users, le...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Joshua Wieczorek Bible Embed WordPress plugin allows attackers to perform stored cross-site s...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Adrian Moreno WP Lyrics WordPress plugin allows attackers to perform stored cross-site script...
Jan 16, 2025This vulnerability in the Universal Analytics Injector WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lea...
Jan 16, 2025This CSRF vulnerability in Albdesign Simple Project Manager WordPress plugin allows attackers to trick authenticated administrators into executing mal...
Jan 16, 2025This vulnerability in the Pascal Casier Board Election WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lea...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA WordPress plugin allows attackers to perfo...
Jan 16, 2025About Cross-Site Request Forgery (CSRF) (CWE-352)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Our database tracks 2,505 CVEs classified as CWE-352, with 68 rated critical and 1,422 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.8.
External reference: View CWE-352 on MITRE CWE →
Monitor Cross-Site Request Forgery (CSRF) Vulnerabilities
Get alerted when new Cross-Site Request Forgery (CSRF) CVEs affect your infrastructure.
Start Monitoring Free