Weaknesses of type CWE-352
5,720 resultsCVE-2024-9649MEDIUMWP ULike <= 4.7.4 - Cross-Site Request Forgery to Statistic DeletionEPSS 0.2%CVE-2024-13684HIGHReset <= 1.6 - Cross-Site Request Forgery to Database ResetEPSS 0.2%CVE-2024-37435MEDIUMWordPress Perfect Portfolio theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-47790HIGHWordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-53095CRITICALSunshine application-wide CSRF in the UI leads to command injection as AdministratorEPSS 0.2%CVE-2023-2919MEDIUMTutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'EPSS 0.2%CVE-2024-28948HIGHAdvantech ADAM-5630 Cross-Site Request ForgeryEPSS 0.2%CVE-2024-37093MEDIUMWordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-1148MEDIUMSourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgeryEPSS 0.2%CVE-2025-21528MEDIUMVulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web AccEPSS 0.2%CVE-2023-5534MEDIUMAI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actionsEPSS 0.2%CVE-2024-51656HIGHWordPress Flash Show And Hide Box plugin <= 1.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51641HIGHWordPress Advanced PDF Generator plugin <= 0.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-14117MEDIUMfit2cloud Halo cross-site request forgeryEPSS 0.2%CVE-2024-51654HIGHWordPress APK Downloader plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-54418MEDIUMWordPress DTC Documents plugin <= 1.1.05 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-51653HIGHWordPress UPDATE NOTIFICATIONS plugin <= 0.3.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-54139HIGHCombodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameterEPSS 0.2%CVE-2024-51649HIGHWordPress Mobilize plugin <= 3.0.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2023-52555MEDIUMIn mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection.EPSS 0.2%