← Back
CWE-352

9,308 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,308)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-58849
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Deepak S Hide Real Download Path hide-real-download-path allows Stored XSS.This issue affects Hide Real Download Path: from n/a through <= 1.6.
CVE-2025-58848
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in aakash1911 WP likes wp-likes allows Reflected XSS.This issue affects WP likes: from n/a through <= 3.1.1.
CVE-2025-58847
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Yaidier WN Flipbox Pro wn-flipbox-pro allows Reflected XSS.This issue affects WN Flipbox Pro: from n/a through <= 2.1.
CVE-2025-58846
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS.This issue affects WordP...Show more
Cross-Site Request Forgery (CSRF) vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS.This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule: from n/a through <= 2020.1.0.Show less
CVE-2025-58845
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in ChrisHurst Bulk Watermark bulk-watermark allows Reflected XSS.This issue affects Bulk Watermark: from n/a through <= 1.6.10.
CVE-2025-58844
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel database-to-excel allows Stored XSS.This issue affects Database to Excel: from n/a through <= 1.0.
CVE-2025-58843
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in David Merinas Auto Last Youtube Video auto-last-youtube-video allows Stored XSS.This issue affects Auto Last Youtube Video: from n/a through <= 1.0.7.
CVE-2025-58833
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect invelity-mygls-connect allows Object Injection.This issue affects Invelity MyGLS connect: from n/a through <= 1.1.1.
CVE-2025-58831
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through...Show more
Cross-Site Request Forgery (CSRF) vulnerability in snagysandor Parallax Scrolling Enllax.js parallax-scrolling-enllax-js allows Cross Site Request Forgery.This issue affects Parallax Scrolling Enllax.js: from n/a through <= 0.0.6.Show less
CVE-2025-58818
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/...Show more
Cross-Site Request Forgery (CSRF) vulnerability in SwiftNinjaPro Developer Tools Blocker swiftninjapro-inspect-element-console-blocker allows Cross Site Request Forgery.This issue affects Developer Tools Blocker: from n/a through <= 3.2.1.Show less
CVE-2025-58809
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Nick Ciske To Lead For Salesforce salesforce-wordpress-to-lead allows Reflected XSS.This issue affects To Lead For Salesforce: from n/a through <= 2.7.3.9.
CVE-2025-58807
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Dsingh Purge Varnish Cache purge-varnish allows Stored XSS.This issue affects Purge Varnish Cache: from n/a through <= 2.6.
CVE-2025-58806
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Tom Longridge WordPress Error Monitoring by Bugsnag bugsnag allows Stored XSS.This issue affects WordPress Error Monitoring by Bugsnag: from n/a through <= 1.6.3.
CVE-2025-58804
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout woo-single-page-checkout allows Cross Site Request Forgery.This issue affects WooCommerce Single Page Checkout: from n/a throug...Show more
Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout woo-single-page-checkout allows Cross Site Request Forgery.This issue affects WooCommerce Single Page Checkout: from n/a through <= 1.2.7.Show less
CVE-2025-58802
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration trustmate-io-integration-for-woocommerce allows Cross Site Request Forgery.This issue affects TrustMate.io – WooComme...Show more
Cross-Site Request Forgery (CSRF) vulnerability in michalzagdan TrustMate.io – WooCommerce integration trustmate-io-integration-for-woocommerce allows Cross Site Request Forgery.This issue affects TrustMate.io – WooCommerce integration: from n/a through <= 1.16.0.Show less
CVE-2025-58801
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in KCS Responder responder allows Cross Site Request Forgery.This issue affects Responder: from n/a through <= 4.3.8.
CVE-2025-58800
-
-
Apr 28, 2026
Sep 5, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery.This issue affects WP Email Template: from n/a through <= 2.8.5.
CVE-2025-58799
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor add-fields-to-checkout-page-woocommerce allows Cross Site Request Forgery.This issue affects Custom WooCommerce C...Show more
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor add-fields-to-checkout-page-woocommerce allows Cross Site Request Forgery.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through <= 1.3.4.Show less
CVE-2025-58798
-
-
Apr 23, 2026
Sep 5, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BCM Duplicate Menu bcm-duplicate-menu allows Cross Site Request Forgery.This issue affects BCM Duplicate Menu: from n/a through <= 1.1.3.
CVE-2025-58794
-
-
Apr 28, 2026
Sep 5, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Cross Site Request Forgery.This issue affects Notification for Telegram: from n/a through <= 3.5.