Weaknesses of type CWE-352

5,715 results
CVE-2022-26309LOWCross-Site Request en Bulk operation (User operation)EPSS 0.2%CVE-2021-36915MEDIUMWordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-6864MEDIUMSeaCMS admin_type.php cross-site request forgeryEPSS 0.2%CVE-2025-32576CRITICALWordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2025-32496CRITICALWordPress Ultra Demo Importer plugin <= 1.0.5 - CSRF to RCE vulnerabilityEPSS 0.2%CVE-2024-56310HIGHREDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An aEPSS 0.2%CVE-2023-44161LOWSensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, EPSS 0.2%CVE-2024-27265MEDIUMIBM Integration Bus for z/OS cross-site request forgeryEPSS 0.2%CVE-2024-1489MEDIUMSMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-7859MEDIUMVisual Sound <= 1.03 - Settings Update via CSRFEPSS 0.2%CVE-2025-23044MEDIUMCross-Site Request Forgery (CSRF) allows creating admin account with POST requestEPSS 0.2%CVE-2023-44160LOWSensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, EPSS 0.2%CVE-2022-44627MEDIUMWordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-27694HIGHFlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.EPSS 0.2%CVE-2023-45317HIGHSielco Radio Link and Analog FM Transmitters Cross-Site Request ForgeryEPSS 0.2%CVE-2023-5498MEDIUMCross-Site Request Forgery (CSRF) in chiefonboarding/chiefonboardingEPSS 0.2%CVE-2025-5988MEDIUMAap-gateway: csrf origin checking is disabledEPSS 0.2%CVE-2022-36417MEDIUMWordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-47757MEDIUMWordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access ControlEPSS 0.2%CVE-2023-35120HIGHPiiGAB M-Bus Cross-Site Request ForgeryEPSS 0.2%