CWE-352: Cross-Site Request Forgery (CSRF)
The web application does not sufficiently verify that a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
All Cross-Site Request Forgery (CSRF) CVEs (2,376)
This CSRF vulnerability in the POST SMTP Mailer WordPress plugin allows attackers to trick authenticated administrators into resending emails to attac...
Jul 17, 2023

This CSRF vulnerability in ELECOM WTC-C1167GC routers allows attackers to trick authenticated users into performing unintended operations. Attackers c...
Jul 13, 2023

This CSRF vulnerability in Jenkins ElasticBox CI Plugin allows attackers to trick authenticated users into unknowingly connecting Jenkins to attacker-...
Jul 12, 2023

A CSRF vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to trick authenticated users into unknowingly connecting...
Jul 12, 2023

A CSRF vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick authenticated users into unknowingly logging into the ...
Jul 12, 2023

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in SuiteCRM Core that allows attackers to trick authenticated users into performi...
Jul 11, 2023

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 devices running firmware v6.0.0. It allows re...
Jul 7, 2023

PiiGAB M-Bus devices are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can trick authenticated users into clicking malicious li...
Jul 7, 2023

CVE-2023-31999 is a CSRF vulnerability in @fastify/oauth2 where a static state parameter was reused across all users and requests, allowing attackers ...
Jul 4, 2023

This CSRF vulnerability in ZZCMS allows attackers to trick authenticated administrators into performing unauthorized actions, such as adding new admin...
Jul 3, 2023

This CSRF vulnerability in FeiFeiCMS v4.1.190209 allows attackers to trick authenticated administrators into unknowingly creating new administrator ac...
Jun 27, 2023

CVE-2022-3372 is a CSRF vulnerability in Netman-204 version 02.05 that allows attackers to change administrator passwords without proper CSRF token va...
Jun 21, 2023

This CSRF vulnerability in Neeke HongCMS 3.0.0 allows attackers to trick authenticated users into performing unauthorized actions, potentially leading...
Jun 20, 2023

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in GilaCMS v1.11.4 that allows remote attackers to execute arbitrary code via the...
Jun 20, 2023

This Cross-Site Request Forgery (CSRF) vulnerability in the Shingo Intrepidity WordPress plugin allows attackers to trick authenticated administrators...
Jun 15, 2023

The Better Search WordPress plugin up to version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthenticated attacker...
Jun 7, 2023

This CSRF vulnerability in the Coming Soon & Maintenance Mode Page WordPress plugin allows attackers to trick administrators into performing unauthori...
Jun 7, 2023

Shop Beat Media Player versions 2.5.95 through 3.2.57 contain a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to trick authent...
May 30, 2023

This CVE describes a cross-site request forgery (CSRF) vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products that allows an unauth...
May 23, 2023

This CSRF vulnerability in Jenkins SAML SSO Plugin allows attackers to trick authenticated users into making unintended HTTP requests to attacker-cont...
May 16, 2023

This CSRF vulnerability in Jenkins SAML SSO Plugin allows attackers to trick authenticated users into unknowingly sending malicious HTTP POST requests...
May 16, 2023

This CSRF vulnerability in Jenkins Azure VM Agents Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-controlled...
May 16, 2023

This CSRF vulnerability in LIQUID SPEECH BALLOON WordPress plugin allows attackers to trick authenticated users into performing unintended actions by ...
May 10, 2023

This cross-site request forgery (CSRF) vulnerability in Esri Portal for ArcGIS allows attackers to trick authenticated users into performing unintende...
May 9, 2023

MCCMS v2.6.3 is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to trick authenticated users into performing unintended actions on...
Apr 28, 2023

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against GitLab's Slack integration, enabling unauthorized exe...
Apr 15, 2023

CVE-2023-0480 is a Cross-Site Request Forgery (CSRF) vulnerability in VitalPBX that allows unauthenticated attackers to steal administrator credential...
Apr 4, 2023

CVE-2020-19278 is a Cross-Site Request Forgery (CSRF) vulnerability in Phachon mm-wiki v0.1.2 that allows attackers to trick authenticated users into ...
Apr 4, 2023

This CSRF vulnerability in the User Role WordPress plugin allows attackers to escalate privileges for any user role without authentication. Attackers ...
Apr 3, 2023

This CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin allows attackers to trick authenticated users into connecting to attacker-controlled O...
Apr 2, 2023

This CSRF vulnerability in Jenkins Convert To Pipeline Plugin allows attackers to trick authenticated users into unknowingly creating pipelines from f...
Apr 2, 2023

The Replyable WordPress plugin before version 2.2.10 contains an object injection vulnerability in the prompt_dismiss_notice action. This allows any a...
Mar 6, 2023

This CSRF vulnerability in taoCMS 3.0.2 allows attackers to trick authenticated administrators into performing unintended actions, potentially grantin...
Feb 24, 2023

This CSRF vulnerability in Cisco APIC and Cloud Network Controller web interfaces allows unauthenticated attackers to trick authenticated users into e...
Feb 23, 2023

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin allows attackers to trick authenticated users into connecting Je...
Feb 15, 2023

CVE-2022-29557 is a Cross-Site Request Forgery (CSRF) vulnerability in LexisNexis Firco Compliance Link 3.7 that allows attackers to trick authenticat...
Feb 15, 2023

This CSRF vulnerability in Planex CS-WMV02G network cameras allows attackers to trick authenticated users into performing unauthorized actions by view...
Feb 14, 2023

CVE-2022-34448 is a Cross-Site Request Forgery (CSRF) vulnerability in Dell PowerPath Management Appliance that allows unauthenticated users to trick ...
Feb 11, 2023

The ImageMagick Engine WordPress plugin up to version 1.7.5 contains a deserialization vulnerability in the 'cli_path' parameter. Unauthenticated atta...
Feb 10, 2023

This CSRF vulnerability in FUEL-CMS allows attackers to trick authenticated administrators into executing unauthorized actions, specifically deleting ...
Feb 3, 2023

This Cross-Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows attackers to trick authenticated users into performing unintended actions, po...
Feb 3, 2023

This CSRF vulnerability in Academy LMS allows attackers to add unauthorized administrator accounts by tricking authenticated administrators into click...
Feb 3, 2023

This CSRF vulnerability in Jenkins Coverity Plugin allows attackers to trick authenticated users into connecting Jenkins to attacker-controlled URLs u...
Jul 27, 2022

This CSRF vulnerability in Jenkins Git Plugin allows attackers to trigger unauthorized builds of jobs configured with Git repositories. Attackers can ...
Jul 27, 2022

IBM Security Verify Information Queue 10.0.2 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated u...
Jul 26, 2022

The AnyMind Widget WordPress plugin up to version 1.1 is vulnerable to Cross-Site Request Forgery (CSRF) due to missing nonce protection in the create...
Jul 18, 2022

CVE-2022-35228 is a cross-site request forgery (CSRF) vulnerability in SAP BusinessObjects Central Management Console (CMC) that allows an unauthentic...
Jul 12, 2022

CVE-2022-34134 is a Cross-Site Request Forgery vulnerability in Benjamin BALET Jorani v1.0 that allows attackers to trick authenticated users into per...
Jun 28, 2022

This CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin allows attackers to trick authenticated users into making unintended requests to ...
Jun 23, 2022

This CSRF vulnerability in Jenkins EasyQA Plugin allows attackers to trick authenticated users into making unintended requests to attacker-controlled ...
Jun 23, 2022

About Cross-Site Request Forgery (CSRF) (CWE-352)
Our database tracks 2,376 CVEs classified as CWE-352, with 63 rated critical and 1,299 rated high severity. The average CVSS score for Cross-Site Request Forgery (CSRF) vulnerabilities is 6.7.
External reference: View CWE-352 on MITRE CWE →