← Back
CWE-352

9,313 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,313)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-32555
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS.This issue affects SEO, Nutrition and Print for Rec...Show more
Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS.This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through <= 3.3.Show less
CVE-2025-32547
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
8.2 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Blind SQL Injection.This issue affects All push notification for WP: from n/a through <= 1.5.3.
CVE-2025-32518
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in hossainawlad ALD Login Page ald-login-page allows Stored XSS.This issue affects ALD Login Page: from n/a through <= 1.1.
CVE-2025-32505
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in SCAND MultiMailer scand-multi-mailer allows Stored XSS.This issue affects MultiMailer: from n/a through <= 1.0.3.
CVE-2025-32502
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu magazine-lister-for-yumpu allows Stored XSS.This issue affects ePaper Lister for Yumpu: from n/a through <= 1.4.0.
CVE-2025-32501
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in dimafreund Rentsyst rentsyst allows Stored XSS.This issue affects Rentsyst: from n/a through <= 2.0.92.
CVE-2025-32500
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Sudavar Codescar Radio Widget codescar-radio-widget allows Stored XSS.This issue affects Codescar Radio Widget: from n/a through <= 0.4.2.
CVE-2025-32498
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in oleglark VKontakte Cross-Post vkontakte-cross-post allows Stored XSS.This issue affects VKontakte Cross-Post: from n/a through <= 0.3.2.
CVE-2025-32497
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in squiter Spoiler Block spoiler-block allows Stored XSS.This issue affects Spoiler Block: from n/a through <= 1.7.
CVE-2025-32496
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
9.6 CRITICAL· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web Server.This issue affects Ultra Demo Importer: from n/a through <= 1.0.5.
CVE-2025-32494
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack recaptcha-jetpack allows Cross Site Request Forgery.This issue affects reCAPTCHA Jetpack: from n/a through <= 0.2.2.
CVE-2025-32485
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Cross Site Request Forgery.This issue affects WP Performance Pack: from n/a through <= 2.5.4.
CVE-2025-32484
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification wp-planification allows Stored XSS.This issue affects WP-Planification: from n/a through <= 2.3.1.
CVE-2025-32482
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies custom-smilies allows Stored XSS.This issue affects Custom Smilies: from n/a through <= 1.2.
CVE-2025-32481
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in ninotheme Nino Social Connect nino-social-connect allows Stored XSS.This issue affects Nino Social Connect: from n/a through <= 2.0.
CVE-2025-32480
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in dalziel Windows Live Writer windows-live-writer allows Stored XSS.This issue affects Windows Live Writer: from n/a through <= 0.1.
CVE-2025-32479
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in ab-tools Flags Widget flags-widget allows Stored XSS.This issue affects Flags Widget: from n/a through <= 1.0.7.
CVE-2025-32478
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Mario Aguiar WP SexyLightBox wp-sexylightbox allows Stored XSS.This issue affects WP SexyLightBox: from n/a through <= 0.5.3.
CVE-2025-32477
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Jordi Salord WP-Easy Menu wp-easy-menu allows Stored XSS.This issue affects WP-Easy Menu: from n/a through <= 0.41.
CVE-2025-32476
-
-
Apr 23, 2026
Apr 9, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in blueinstyle Advanced Tag Lists advanced-tag-list allows Stored XSS.This issue affects Advanced Tag Lists: from n/a through <= 1.2.