Weaknesses of type CWE-352

5,717 results
CVE-2024-35772MEDIUMWordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-35778MEDIUMWordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-43927MEDIUMWordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-57310HIGHA Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 alloEPSS 0.2%CVE-2024-26445MEDIUMflusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.phpEPSS 0.2%CVE-2024-24843HIGHWordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-25706MEDIUMWordPress Robots.txt optimization plugin <= 1.4.5 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-31113MEDIUMWordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37503MEDIUMWordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2019-20460HIGHAn issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechaniEPSS 0.2%CVE-2024-12774MEDIUMAltra Side Menu <= 2.0 - Abitrary Menu Deletion via CSRFEPSS 0.2%CVE-2023-47550HIGHWordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)EPSS 0.2%CVE-2024-4218MEDIUMAffiEasy <= 1.1.6 - Cross-Site Request Forgery to Various ActionsEPSS 0.2%CVE-2024-35771MEDIUMWordPress Customizr theme <= 4.4.21 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-49674CRITICALWordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2024-37937MEDIUMWordPress Rara Business theme <= 1.2.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-1503MEDIUMTutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data EraseEPSS 0.2%CVE-2022-45228LOWDragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.EPSS 0.2%CVE-2022-30705MEDIUMWordPress WordPress Ping Optimizer Plugin <= 2.35.1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-34185MEDIUMWordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%