CWE-352 — Cross-Site Request Forgery (CSRF)
8,729 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-352 (page 100 of 175)
- CVE-2023-49446 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.
- CVE-2023-49447 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.
- CVE-2023-49448 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.
- CVE-2023-4959 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-09-15
A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page i…
- CVE-2023-49655 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-29
A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
- CVE-2023-49673 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-29
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
- CVE-2023-49744 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-15
Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce. This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3.
- CVE-2023-49749 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-15
Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!. This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!:…
- CVE-2023-4975 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. Th…
- CVE-2023-49751 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-17
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome. This issue affects Block for Font Awesome: from n/a through 1.4.0.
- CVE-2023-49759 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments. This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0.
- CVE-2023-49760 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage. This issue affects WPsoonOnlinePage: from n/a through 1.9.
- CVE-2023-49761 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce. This issue affects Product Enquiry for WooCommerce: from n/a through 3.0.
- CVE-2023-49763 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite. This issue affects CSprite: from n/a through 1.1.
- CVE-2023-49769 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-17
Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.4.
- CVE-2023-49775 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-17
Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer. This issue affects CSV Importer: from n/a through 0.3.8.
- CVE-2023-49816 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-17
Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair. This issue affects Fix My Feed RSS Repair: from n/a through 1.4.
- CVE-2023-49821 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat – WP live chat plugin for WordPress. This issue affects LiveChat – WP live chat plugin for WordPress: from n/a through 4.5.15.
- CVE-2023-49824 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-17
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite. This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1.
- CVE-2023-49834 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-17
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce. This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.
- CVE-2023-49838 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-03-26
Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme. This issue affects Clot…
- CVE-2023-49840 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce. This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.
- CVE-2023-49843 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce. This issue affects First Order Discount Woocommerce: from n/a through 1.21.
- CVE-2023-49844 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester. This issue affects WPPerformanceTester: from n/a through 2.0.0.
- CVE-2023-49853 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1.
- CVE-2023-49854 | MEDIUM | CVSS 5.4 | EG 8.8 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce. This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7.
- CVE-2023-49855 | MEDIUM | CVSS 6.5 | EG 8.8 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.
- CVE-2023-49920 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-12-21
Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the u…
- CVE-2023-49965 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-04-05
SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page.
- CVE-2023-50017 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-14
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup.
- CVE-2023-5006 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-01-17
The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafte…
- CVE-2023-50349 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-02-09
Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.
- CVE-2023-5036 | HIGH | CVSS 8.8 | EG 8.8 | 2023-09-18
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.
- CVE-2023-50372 | MEDIUM | CVSS 4.3 | EG 8.8 | 2023-12-18
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template. This issue affects Custom Post Type Page Template: from n/a through 1.1.
- CVE-2023-50722 | CRITICAL | CVSS 9.6 | EG 9.6 | 2023-12-15
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sec…
- CVE-2023-50766 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-13
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
- CVE-2023-50768 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-13
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another met…
- CVE-2023-50774 | HIGH | CVSS 8.1 | EG 8.1 | 2023-12-13
A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system.
- CVE-2023-50775 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-13
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs.
- CVE-2023-50778 | HIGH | CVSS 8.8 | EG 4.3 | 2023-12-13
A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.
- CVE-2023-50835 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-19
Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template. This issue affects Advanced Category Template: from n/a through 0.1.
- CVE-2023-50858 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-28
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enu…
- CVE-2023-50861 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-03-15
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3.
- CVE-2023-50870 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-15
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible.
- CVE-2023-50873 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-28
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages. This issue affects Add Any Extension to Pages: from n/a through 1.4.
- CVE-2023-50878 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-29
Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API. This issue affects MStore API: from n/a through 4.10.1.
- CVE-2023-50886 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-03-15
Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages. This issue affects Legal Pages: from n/a through 1.3.7.
- CVE-2023-50900 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-06-19
Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through 3.9.10.
- CVE-2023-50902 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-29
Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve. This issue affects New User Approve: from n/a through 2.5.1.
- CVE-2023-50923 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-02-21
In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as change…