CWE-352 · Cross-Site Request Forgery (CSRF)
9354 CVEs classified under CWE-352 (Cross-Site Request Forgery (CSRF)). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-32642 | Critical | 10.0 | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through… |
| CVE-2025-23922 | Critical | 10.0 | 2025-01-16 | Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder embed-ispring allows Upload a Web Shell to a Web Server. This issue affects iSpring Em… |
| CVE-2023-45128 | Critical | 10.0 | 2023-10-16 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allow… |
| CVE-2017-5145 | Critical | 10.0 | 2017-02-13 | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of thi… |
| CVE-2019-25729 | Critical | 9.8 | 2026-06-04 | PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP command… |
| CVE-2026-30793 | Critical | 9.8 | 2026-03-05 | Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme h… |
| CVE-2025-48340 | Critical | 9.8 | 2025-05-19 | Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows Privilege Escalation. This issue affects User P… |
| CVE-2025-2907 | Critical | 9.8 | 2025-04-26 | The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper ch… |
| CVE-2025-31033 | Critical | 9.8 | 2025-04-09 | Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery. This issue affects Budd… |
| CVE-2025-23797 | Critical | 9.8 | 2025-01-16 | Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation. This issue affects WP Options… |
| CVE-2024-56012 | Critical | 9.8 | 2024-12-16 | Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation. This i… |
| CVE-2024-44677 | Critical | 9.8 | 2024-09-10 | eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java… |
| CVE-2024-34502 | Critical | 9.8 | 2024-05-05 | An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attemp… |
| CVE-2024-33449 | Critical | 9.8 | 2024-04-29 | An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url paramet… |
| CVE-2024-29684 | Critical | 9.8 | 2024-03-26 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to exec… |
| CVE-2023-4659 | Critical | 9.8 | 2023-10-02 | Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply b… |
| CVE-2022-20861 | Critical | 9.8 | 2022-07-21 | Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image… |
| CVE-2022-1574 | Critical | 9.8 | 2022-06-27 | The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthent… |
| CVE-2022-1020 | Critical | 9.8 | 2022-04-18 | The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_op… |
| CVE-2021-25032 | Critical | 9.8 | 2022-01-10 | The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF c… |