CWE-352: Cross-Site Request Forgery (CSRF)

The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Total CVEs: 2,506
Critical: 68
High: 1,423
Avg CVSS: 6.8

Yearly Trend

2026: 124
2025: 1,302
2024: 529
2023: 186
2022: 95

Top Affected Vendors

1. Jenkins: 55
2. IBM: 27
3. Idccms: 25
4. Netgear: 17
5. Dedecms: 14
6. Cisco: 13
7. Jfinalcms Project: 10
8. Flycms Project: 9
9. Oracle: 8
10. Enalean: 8

All Cross-Site Request Forgery (CSRF) CVEs (2,506)

CVE-2024-54399 (CVSS 7.1, Dec 16, 2024)
This vulnerability in the CRUDLab Google Plus Button WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead ...

CVE-2024-54401 (CVSS 7.1, Dec 16, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian's Advanced Fancybox WordPress plugin allows attackers to perform stored cross-site ...

CVE-2024-54393 (CVSS 7.1, Dec 16, 2024)
This vulnerability in the WP Fiddle WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-S...

CVE-2024-54397 (CVSS 7.1, Dec 16, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Go Animate WordPress plugin that can lead to Stored Cross-Site Scripting (...

CVE-2024-54389 (CVSS 7.1, Dec 16, 2024)
This CSRF vulnerability in the WordPress addWeather plugin allows attackers to trick authenticated administrators into performing unintended actions, ...

CVE-2024-54391 (CVSS 7.1, Dec 16, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Filter plugin allows attackers to perform stored cross-site scripting (XSS) attacks...

CVE-2024-54332 (CVSS 7.1, Dec 16, 2024)
This vulnerability in the WPFactory WP Currency Exchange Rates WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks ...

CVE-2024-54353 (CVSS 7.1, Dec 16, 2024)
This CSRF vulnerability in the WPGear Hack-Info WordPress plugin allows attackers to trick authenticated administrators into performing actions that i...

CVE-2024-54351 (CVSS 7.1, Dec 13, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Fancy Roller Scroller plugin allows attackers to perform stored cross-site scriptin...

CVE-2024-54337 (CVSS 7.1, Dec 13, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the DevriX DX Dark Site WordPress plugin allows attackers to perform stored cross-site scripting ...

CVE-2024-54205 (CVSS 7.1, Dec 6, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the Paloma Widget WordPress plugin allows attackers to trick authenticated administrators into pe...

CVE-2024-53782 (CVSS 7.1, Dec 2, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the CMSaccount Photo Video Store WordPress plugin allows attackers to trick authenticated adminis...

CVE-2024-53789 (CVSS 7.1, Dec 2, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin 'Advanced What Should We Write Next About' that can lead ...

CVE-2024-53770 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the RingCentral Communications WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead ...

CVE-2024-53776 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in the Donate Me WordPress plugin allows attackers to trick authenticated administrators into performing actions that inject m...

CVE-2024-53777 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in the Simple Header and Footer WordPress plugin allows attackers to trick authenticated administrators into executing malicio...

CVE-2024-53779 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the Yahoo! WebPlayer WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored ...

CVE-2024-53780 (CVSS 7.1, Dec 2, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the Rajeev Chauhan Load More Posts WordPress plugin allows attackers to perform stored cross-site...

CVE-2024-53781 (CVSS 7.1, Dec 2, 2024)
This vulnerability in Home Junction SpatialMatch IDX WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead ...

CVE-2024-53753 (CVSS 7.1, Dec 2, 2024)
This vulnerability is a Cross-Site Request Forgery (CSRF) flaw in the CultBooking Hotel Booking Engine WordPress plugin that can lead to Stored Cross-...

CVE-2024-53754 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in the Arrow Design Out Of Stock Badge WordPress plugin allows attackers to trick authenticated administrators into performing...

CVE-2024-53755 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in the Third Party Cookie Eraser WordPress plugin allows attackers to trick authenticated administrators into performing actio...

CVE-2024-53762 (CVSS 7.1, Dec 2, 2024)
This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site Scripting (XSS) in the FastBoo...

CVE-2024-53765 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in the Think201 Mins To Read WordPress plugin allows attackers to trick authenticated administrators into performing actions t...

CVE-2024-53769 (CVSS 7.1, Dec 2, 2024)
This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site Scripting (XSS) in the WordPre...

CVE-2024-53727 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in LinkLaunder SEO WordPress plugin allows attackers to trick authenticated administrators into performing actions that inject...

CVE-2024-53728 (CVSS 7.1, Dec 2, 2024)
This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site Scripting (XSS) in the WordPre...

CVE-2024-53729 (CVSS 7.1, Dec 2, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the Plumeria Web Design Blizzard Quotes WordPress plugin allows attackers to perform stored cross...

CVE-2024-53730 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the WordPress plugin 'April's Call Posts' allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Sto...

CVE-2024-53720 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the WP-ISPConfig 3 WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cr...

CVE-2024-53722 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the WordPress Favicon My Blog plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored C...

CVE-2024-53723 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in the Google Plus Share and +1 Button WordPress plugin allows attackers to trick authenticated administrators into performing...

CVE-2024-53724 (CVSS 7.1, Dec 2, 2024)
This Cross-Site Request Forgery (CSRF) vulnerability in the IceStats WordPress plugin allows attackers to trick authenticated administrators into perf...

CVE-2024-53725 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in the WordPress Post Hits Counter plugin allows attackers to trick authenticated administrators into executing malicious acti...

CVE-2024-53726 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in RealtyCandy IDX Broker Extended WordPress plugin allows attackers to trick authenticated administrators into performing act...

CVE-2024-53712 (CVSS 7.1, Dec 2, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in Kevin's WordPress plugin allows attackers to perform actions as authenticated users, leading to s...

CVE-2024-53713 (CVSS 7.1, Dec 2, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Silverlight Video Player WordPress plugin that can lead to Stored Cross-Si...

CVE-2024-53714 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the WordPress 'Continue Shopping From Cart' plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that le...

CVE-2024-53715 (CVSS 7.1, Dec 2, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the Simple Travel Map WordPress plugin allows attackers to perform stored cross-site scripting (X...

CVE-2024-53716 (CVSS 7.1, Dec 2, 2024)
This CSRF vulnerability in the wp auto top WordPress plugin allows attackers to trick authenticated administrators into performing actions that inject...

CVE-2024-53717 (CVSS 7.1, Dec 2, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the yPHPlista WordPress plugin that can lead to Stored Cross-Site Scripting (X...

CVE-2024-53718 (CVSS 7.1, Dec 2, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Multi Feed Reader plugin allows attackers to inject malicious scripts that persist ...

CVE-2024-53719 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the Zajax - Ajax Navigation WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to ...

CVE-2024-53710 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the ITERAS WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored Cross-Site...

CVE-2024-53711 (CVSS 7.1, Dec 2, 2024)
This vulnerability in the Hotlink2Watermark WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to Stored...

CVE-2024-52477 (CVSS 7.1, Dec 2, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the No-nonsense Labs Document & Data Automation WordPress plugin that can lead...

CVE-2024-53750 (CVSS 7.1, Dec 1, 2024)
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Maeve Lander PayPal Responder WordPress plugin that can lead to Stored Cro...

CVE-2024-53778 (CVSS 7.1, Nov 30, 2024)
This CSRF vulnerability in the Essential Breadcrumbs WordPress plugin allows attackers to trick authenticated administrators into performing actions w...

CVE-2024-53736 (CVSS 7.1, Nov 28, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Custom Shortcode Sidebars plugin allows attackers to perform stored cross-site scri...

CVE-2024-52421 (CVSS 7.1, Nov 19, 2024)
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress WP Popup Window Maker plugin allows attackers to perform actions as authenticated u...

About Cross-Site Request Forgery (CSRF) (CWE-352)

Our database tracks 2,506 CVEs classified as CWE-352, with 68 rated critical and 1,423 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.8.

External reference: CWE-352 on MITRE CWE
