Weaknesses of type CWE-352
5,721 resultsCVE-2023-46092HIGHWordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-1592MEDIUMComplianz – GDPR/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery to Data Request DeletionEPSS 0.2%CVE-2023-22942MEDIUMCross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk EnterpriseEPSS 0.2%CVE-2024-33678MEDIUMWordPress ClickCease Click Fraud Protection plugin <= 3.2.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-33689MEDIUMWordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-1764HIGHLoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options UpdateEPSS 0.2%CVE-2026-25221LOWPolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)EPSS 0.2%CVE-2020-37054MEDIUMNavigate CMS 2.8.7 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-31376MEDIUMWordPress Dashboard To-Do List plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-11265HIGHInappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a cEPSS 0.2%CVE-2023-31230HIGHWordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-12414MEDIUMThemify Store Locator <= 1.1.9 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-20986MEDIUMVulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected areEPSS 0.2%CVE-2024-37102MEDIUMWordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-3589MEDIUMCross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022xEPSS 0.2%CVE-2024-31433MEDIUMWordPress The Events Calendar plugin <= 6.3.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-35560MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCEPSS 0.2%CVE-2024-31612MEDIUMEmlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access adminisEPSS 0.2%CVE-2026-23622HIGHCSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeoverEPSS 0.2%CVE-2025-46721MEDIUMnosurf vulnerable to CSRF due to non-functional same-origin request checksEPSS 0.2%