← Back
CWE-352

9,308 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

JSON object

Loading...

CVEs (9,308)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-62101
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah pardakht-delkhah allows Cross Site Request Forgery.This issue affects Pardakht Delkhah: from n/a through <= 3.0.0.
CVE-2025-63040
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through <= 4.0.11.
CVE-2025-63014
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through <= 1.25.0.
CVE-2025-62148
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.txt rewrite robotstxt-rewrite allows Cross Site Request Forgery.This issue affects Robots.txt rewrite: from n/a through <= 1.6.1.
CVE-2025-62133
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in manidoraisamy FormFacade formfacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through <= 1.4.1.
CVE-2025-62089
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through <= 4.2.1.
CVE-2025-62084
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker inext-woo-pincode-checker allows Cross Site Request Forgery.This issue affects iNext Woo Pincode Checker: from n/a through <= 2....Show more
Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker inext-woo-pincode-checker allows Cross Site Request Forgery.This issue affects iNext Woo Pincode Checker: from n/a through <= 2.3.1.Show less
CVE-2025-62080
-
-
Apr 28, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery.This issue affects Live Shopping & Shop...Show more
Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0.Show less
CVE-2025-59130
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in appointify Appointify appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through <= 1.0.8.
CVE-2025-62134
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.5.1.
CVE-2025-62120
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Rick Beckman OpenHook thesis-openhook allows Cross Site Request Forgery.This issue affects OpenHook: from n/a through <= 4.3.1.
CVE-2025-62117
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through <= 1.1.1704.
CVE-2025-62992
1Everestthemes
1Everest Backup
Apr 23, 2026
Dec 31, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Path Traversal.This issue affects Everest Backup: from n/a through <= 2.3.11.
CVE-2025-49028
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail transmail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through <= 3.3.1.
CVE-2025-68885
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in page-carbajal Custom Post Status custom-post-status allows Stored XSS.This issue affects Custom Post Status: from n/a through <= 1.1.0.
CVE-2025-49354
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a thr...Show more
Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through <= 1.4.Show less
CVE-2025-49353
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path noindex-by-path allows Stored XSS.This issue affects Noindex by Path: from n/a through <= 1.0.
CVE-2025-49345
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives wp-easyarchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through <= 3.1.2.
CVE-2025-49344
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in reneade SensitiveTagCloud sensitive-tag-cloud allows Stored XSS.This issue affects SensitiveTagCloud: from n/a through <= 1.4.1.
CVE-2025-49343
-
-
Apr 23, 2026
Dec 31, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in socialprofilr Social Profilr social-profilr-display-social-network-profile allows Stored XSS.This issue affects Social Profilr: from n/a through <= 1.0.