CWE-352 — Cross-Site Request Forgery (CSRF)
8,729 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-352 (page 99 of 175)
- CVE-2023-4869 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-09-10
  A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The a…
- CVE-2023-48744 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-11-30
  Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery. This issue affects Availability Calendar: from n/a through 1.2.6.
- CVE-2023-48751 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-19
  Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery. This issue affects Pa…
- CVE-2023-48754 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-11-30
  Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery. This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.
- CVE-2023-48755 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4.
- CVE-2023-48762 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13.
- CVE-2023-48766 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator – Add Animated SVG Easily. This issue affects SVGator – Add Animated SVG Easily: from n/a through 1.2.4.
- CVE-2023-48768 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology. This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9.
- CVE-2023-48769 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back. This issue affects Chat Bubble – Floating Chat with Contact Chat Icons, Mes…
- CVE-2023-48772 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation. This issue affects Prevent Landscape Rotation: from n/a through 2.0.
- CVE-2023-48773 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect. This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.
- CVE-2023-48778 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce. This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.
- CVE-2023-48781 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through 4.3.0.
- CVE-2023-48790 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-11
  A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted H…
- CVE-2023-48912 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-30
  Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.
- CVE-2023-48913 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-30
  Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.
- CVE-2023-48914 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-30
  Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.
- CVE-2023-49006 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-12-19
  Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.
- CVE-2023-49076 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-11-30
  Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has …
- CVE-2023-49148 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates. This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a …
- CVE-2023-49153 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon. This issue affects Add to Cart Text Changer and Customize Button, Add Custom Icon: from n/a through 2.0.
- CVE-2023-49155 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder. This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.
- CVE-2023-4916 | HIGH | CVSS 8.8 | EG 8.8 | 2023-09-13
  The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possi…
- CVE-2023-49163 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-18
  Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.5.
- CVE-2023-49164 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-12-19
  Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra. This issue affects Ocean Extra: from n/a through 2.2.2.
- CVE-2023-49197 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-15
  Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasionados del Marketing, NetConsulting DoFollow Case by Case. This issue affects DoFollow Case by Case: from n/a through 3.4.2.
- CVE-2023-4920 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
  The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticat…
- CVE-2023-4923 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-10-20
  The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unau…
- CVE-2023-4924 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-10-20
  The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attacke…
- CVE-2023-4926 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-10-20
  The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unaut…
- CVE-2023-4935 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
  The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated a…
- CVE-2023-4937 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
  The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes i…
- CVE-2023-49372 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.
- CVE-2023-49373 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.
- CVE-2023-49374 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.
- CVE-2023-49375 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.
- CVE-2023-49376 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.
- CVE-2023-49377 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.
- CVE-2023-49378 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.
- CVE-2023-49379 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.
- CVE-2023-49380 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.
- CVE-2023-49381 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.
- CVE-2023-49382 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.
- CVE-2023-49383 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.
- CVE-2023-49395 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.
- CVE-2023-49396 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.
- CVE-2023-49397 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.
- CVE-2023-49398 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-05
  JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.
- CVE-2023-4940 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
  The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauth…
- CVE-2023-4942 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-10-20
  The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for …