Weaknesses of type CWE-352
5,714 resultsCVE-2026-52800HIGHGogs: CSRF Leading to Organization Owner TakeoverEPSS 0.2%CVE-2024-40455LOWAn arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.EPSS 0.2%CVE-2026-6455HIGHWP Contact Form 7 DB Handler <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion via 'contact_form' ParameterEPSS 0.2%CVE-2022-45364MEDIUMWordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.6.5 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-25481MEDIUMWordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-34373MEDIUMWordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-25991MEDIUMWordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-23861MEDIUMWordPress GMAce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-25698MEDIUMWordPress Shoppable Images Lite Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2022-46793MEDIUMWordPress Product Feed PRO for WooCommerce Plugin <= 12.4.4 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-36690HIGHWordPress WPLMS Theme < 4.900 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-48283MEDIUMWordPress Simple Testimonials Showcase Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-28828HIGH1-Click compromize via CSRFEPSS 0.2%CVE-2023-28949MEDIUMIBM Engineering Requirements Management cross-site request forgeryEPSS 0.2%CVE-2025-6284MEDIUMPHPGurukul Car Rental Portal cross-site request forgeryEPSS 0.2%CVE-2024-36076HIGHCross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensiEPSS 0.2%CVE-2024-34817MEDIUMWordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2022-40180—A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), DEPSS 0.2%CVE-2023-48323MEDIUMWordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2022-32516HIGHA CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop EPSS 0.2%