CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Yearly Trend
Top Affected Vendors
All Cross-Site Request Forgery (CSRF) CVEs (2,506)
A Cross-Site Request Forgery (CSRF) vulnerability in the SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA WordPress plugin allows attackers to perfo...
Jan 16, 2025This CSRF vulnerability in the WordPress Extra Options β Favicons plugin allows attackers to trick authenticated administrators into executing malic...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Zaantar WordPress Logging Service plugin allows attackers to perform actions as authenticated...
Jan 16, 2025This CSRF vulnerability in the WP VTiger Synchronization WordPress plugin allows attackers to trick authenticated administrators into executing malici...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the EmailShroud WordPress plugin allows attackers to trick authenticated administrators into perf...
Jan 16, 2025This vulnerability in the WordPress MD Custom Content plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored...
Jan 16, 2025This CSRF vulnerability in the RSS News Scroller WordPress plugin allows attackers to trick authenticated administrators into executing malicious acti...
Jan 16, 2025This CSRF vulnerability in the WordPress Visit Site Link Enhanced plugin allows attackers to trick authenticated administrators into performing uninte...
Jan 16, 2025This vulnerability in the Andy Chapman ECT Add to Cart Button WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks t...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress my-related-posts plugin allows attackers to perform stored cross-site scripting (XS...
Jan 16, 2025This vulnerability in the Shockingly Big IE6 Warning WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead ...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Scott Swezey Easy Tynt WordPress plugin allows attackers to trick authenticated administrator...
Jan 16, 2025This CSRF vulnerability in the Mass Custom Fields Manager WordPress plugin allows attackers to trick authenticated administrators into performing unin...
Jan 16, 2025This CSRF vulnerability in the Password Protect Plugin for WordPress allows attackers to trick authenticated administrators into executing malicious a...
Jan 16, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Wp-Scribd-List allows attackers to inject malicious scripts via stored XSS. ...
Jan 16, 2025This CSRF vulnerability in the Marquee Style RSS News Ticker WordPress plugin allows attackers to trick authenticated administrators into performing u...
Jan 16, 2025This CSRF vulnerability in Wizcrew Technologies' go Social WordPress plugin allows attackers to trick authenticated administrators into performing act...
Jan 16, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the web interface of Siemens SIMATIC S7-1200 and SIPLUS S7-1200 PLC CPUs. An u...
Jan 14, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Dylan James Zephyr Admin Theme WordPress plugin allows attackers to trick authenticated admin...
Jan 9, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Quote Tweet plugin that can lead to Stored Cross-Site Scripting ...
Jan 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Prayer Times Anywhere WordPress plugin allows attackers to inject malicious scripts that beco...
Jan 7, 2025This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Scott NellΓ© Uptime Robot WordPress plugin that can lead to Stored Cross-S...
Jan 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Instabot WordPress plugin allows attackers to trick authenticated administrators into perform...
Jan 7, 2025This CSRF vulnerability in TubePress.NET WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. I...
Jan 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Affiliate Disclosure Statement plugin allows attackers to trick authenticated admin...
Jan 7, 2025This CSRF vulnerability in the Smoothness Slider Shortcode WordPress plugin allows attackers to trick authenticated administrators into performing uni...
Jan 7, 2025This CSRF vulnerability in the Norse Rune Oracle WordPress plugin allows attackers to trick authenticated administrators into performing unintended ac...
Jan 7, 2025This CSRF vulnerability in WPMagic News Publisher Autopilot WordPress plugin allows attackers to trick authenticated administrators into performing un...
Jan 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Ofek Nakar Virtual Bot WordPress plugin allows attackers to inject malicious scripts via stor...
Jan 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Tock Tock Widget WordPress plugin allows attackers to trick authenticated administrators into...
Jan 7, 2025This vulnerability in the Elevio WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site...
Jan 7, 2025This CSRF vulnerability in WordPress Wizhi Multi Filters plugin allows attackers to trick authenticated administrators into performing actions that in...
Jan 7, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP Simple Sitemap WordPress plugin allows attackers to perform stored cross-site scripting (X...
Jan 7, 2025This CSRF vulnerability in the wpSOL WordPress plugin allows attackers to trick authenticated administrators into performing actions without their con...
Jan 7, 2025This CSRF vulnerability in Nik Chankov Autocompleter WordPress plugin allows attackers to trick authenticated administrators into executing malicious ...
Jan 7, 2025This vulnerability in the WordPress Stop Registration Spam plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to S...
Dec 16, 2024This CSRF vulnerability in the John Godley Tidy Up WordPress plugin allows attackers to trick authenticated administrators into performing unintended ...
Dec 16, 2024This vulnerability in Simple Booking Widget allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site Scrip...
Dec 16, 2024This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Thomas Hoefter Onlywire Multi Autosubmitter WordPress plugin that can lead...
Dec 16, 2024This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Amazon Product Price WordPress plugin that can lead to Stored Cross-Site S...
Dec 16, 2024A Cross-Site Request Forgery (CSRF) vulnerability in the Andy Fradelakis LeaderBoard WordPress plugin allows attackers to inject malicious scripts tha...
Dec 16, 2024This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress 'Add image to Post' plugin that leads to Stored Cross-Site Scrip...
Dec 16, 2024This vulnerability in the WordPress Admin Customization plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stor...
Dec 16, 2024This CSRF vulnerability in the Aleksander Novikov Metrika WordPress plugin allows attackers to trick authenticated administrators into performing unin...
Dec 16, 2024This Cross-Site Request Forgery (CSRF) vulnerability in the WP-HideThat WordPress plugin allows attackers to trick authenticated administrators into p...
Dec 16, 2024This CSRF vulnerability in the WP Controller WordPress plugin allows attackers to trick authenticated administrators into performing actions that inje...
Dec 16, 2024A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Display Future Posts plugin allows attackers to perform stored cross-site scripting...
Dec 16, 2024This CSRF vulnerability in the CK and SyntaxHighlighter WordPress plugin allows attackers to trick authenticated administrators into performing action...
Dec 16, 2024This vulnerability in the XPD Reduce Image Filesize WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead t...
Dec 16, 2024A Cross-Site Request Forgery (CSRF) vulnerability in the Andy Chapman ECT Social Share WordPress plugin allows attackers to inject malicious scripts t...
Dec 16, 2024About Cross-Site Request Forgery (CSRF) (CWE-352)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Our database tracks 2,506 CVEs classified as CWE-352, with 68 rated critical and 1,423 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.8.
External reference: View CWE-352 on MITRE CWE →
Monitor Cross-Site Request Forgery (CSRF) Vulnerabilities
Get alerted when new Cross-Site Request Forgery (CSRF) CVEs affect your infrastructure.
Start Monitoring Free