Weaknesses of type CWE-352
5,719 resultsCVE-2025-31034MEDIUMWordPress Customize Login Page plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2026-4091MEDIUMOPEN-BRAIN <= 0.5.0 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-2959MEDIUMSVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Edit/CreationEPSS 0.2%CVE-2025-25907HIGHtianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attacEPSS 0.2%CVE-2023-7048LOWMy Sticky Bar <= 2.6.6 - Cross-Site Request Forgery to Sensitive Information ExposureEPSS 0.2%CVE-2024-33638MEDIUMWordPress Smart Maintenance Mode plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-2960MEDIUMSVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table DeletionEPSS 0.2%CVE-2024-35551MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.EPSS 0.2%CVE-2020-10734—A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat EPSS 0.2%CVE-2025-11087HIGHZegen Core <= 2.0.1 - Cross-Site Request Forgery to Arbitrary File UploadEPSS 0.2%CVE-2024-1335MEDIUMImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in disableOptimizationEPSS 0.2%CVE-2022-41263MEDIUMDue to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows anEPSS 0.2%CVE-2023-46067MEDIUMWordPress Rocket Font Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-3997MEDIUMdazhouda lecms Personal Information Page index.php cross-site request forgeryEPSS 0.2%CVE-2023-45058MEDIUMWordPress Short URL Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-46777MEDIUMWordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-37212HIGHWordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerabilityEPSS 0.2%CVE-2023-4628MEDIUMLadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook()EPSS 0.2%CVE-2023-37990MEDIUMWordPress Perelink Pro Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-1943MEDIUMYuki <= 1.3.14 - Cross-Site Request Forgery to Theme Setting ResetEPSS 0.2%