← Back
CWE-352

9,384 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,384)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Info D 74
1Open Street Map
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions.
1Anuragdeshmukh
1Cpt Shortcode Generator
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.
1Coresol
1Snap Pixel
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions.
1Ca Ret
1Country Access Limit
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions.
1Phpdeveloper
1Sort Searchresult By Title
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions.
1Kevinweber
1Lazy Load For Videos
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions.
1Pixelgrade
1Pixfields
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.
1Pixelgrade
1Comments Rating
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.
1Galaxyweblinks
1Video Playlist For Youtube
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions.
1Marcomilesi
1Wp Attachments
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11.
1Fla Shop
1Html5 Maps
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions.
1Eupago
1Eupago Gateway Woocommerce
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions.
1Wpdevart
1Gallery Image And Video Gallery With Thumbnails
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.
1Getlasso
1Simple Urls
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.
1Feed Statistics Project
1Feed Statistics
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions.
1Sendpulse
1Free Web Push
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.
1Mattmckenny
1Stout Google Calendar
Jun 17, 2026
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions.
1Automatededitor
1Automated Editor
Jun 17, 2026
Oct 13, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions.
1Pinpoint
1Pinpoint Booking System
Jun 17, 2026
Oct 13, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.
1Coleds
1Simple Seo
Jun 17, 2026
Oct 13, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.