CWE-352 · Cross-Site Request Forgery (CSRF)

9354 CVEs classified under CWE-352 (Cross-Site Request Forgery (CSRF)). Browse by severity and year.

Top CVEs for CWE-352
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-32642 | Critical | 10.0 | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through… |
| CVE-2025-23922 | Critical | 10.0 | 2025-01-16 | Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a Web Server. This issue affects iSpring Em… |
| CVE-2023-45128 | Critical | 10.0 | 2023-10-16 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allow… |
| CVE-2017-5145 | Critical | 10.0 | 2017-02-13 | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of thi… |
| CVE-2019-25729 | Critical | 9.8 | 2026-06-04 | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP command… |
| CVE-2026-30793 | Critical | 9.8 | 2026-03-05 | Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme h… |
| CVE-2025-48340 | Critical | 9.8 | 2025-05-19 | Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows Privilege Escalation. This issue affects User P… |
| CVE-2025-2907 | Critical | 9.8 | 2025-04-26 | The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper ch… |
| CVE-2025-31033 | Critical | 9.8 | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery. This issue affects Budd… |
| CVE-2025-23797 | Critical | 9.8 | 2025-01-16 | Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation. This issue affects WP Options… |
| CVE-2024-56012 | Critical | 9.8 | 2024-12-16 | Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation. This i… |
| CVE-2024-44677 | Critical | 9.8 | 2024-09-10 | eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java… |
| CVE-2024-34502 | Critical | 9.8 | 2024-05-05 | An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attemp… |
| CVE-2024-33449 | Critical | 9.8 | 2024-04-29 | An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url paramet… |
| CVE-2024-29684 | Critical | 9.8 | 2024-03-26 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to exec… |
| CVE-2023-4659 | Critical | 9.8 | 2023-10-02 | Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply b… |
| CVE-2022-20861 | Critical | 9.8 | 2022-07-21 | Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image… |
| CVE-2022-1574 | Critical | 9.8 | 2022-06-27 | The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthent… |
| CVE-2022-1020 | Critical | 9.8 | 2022-04-18 | The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_op… |
| CVE-2021-25032 | Critical | 9.8 | 2022-01-10 | The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF c… |