Weaknesses of type CWE-352
5,721 resultsCVE-2024-54421HIGHWordPress Floating Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54413HIGHWordPress Display Future Posts plugin <= 0.2.3 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2024-54427HIGHWordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54416HIGHWordPress Wp Login with Ajax plugin <= 0.6 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2024-54414HIGHWordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2024-54433HIGHWordPress Simple Booking – Widget plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54332HIGHWordPress WP Currency Exchange Rates plugin <= 1.2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54440HIGHWordPress WP-Ban-User plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54439HIGHWordPress Amazon Product Price plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-34613MEDIUMAVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security PluginsEPSS 0.2%CVE-2025-61930HIGHEmlog Pro has CSRF issue that Enables Admin Password ResetEPSS 0.2%CVE-2024-42603MEDIUMPligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearallEPSS 0.2%CVE-2023-26248MEDIUMThe Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., infEPSS 0.2%CVE-2026-13952MEDIUMInappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data EPSS 0.2%CVE-2024-42606MEDIUMPligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1EPSS 0.2%CVE-2024-33677MEDIUMWordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-41684MEDIUMWordPress SIS Handball Plugin <= 1.0.45 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-27974MEDIUMCross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remEPSS 0.2%CVE-2024-33691MEDIUMWordPress Popup Builder by OptinMonster plugin <= 2.15.3 - Cross Site Request Forgery (CSRF) Notice Dismissal vulnerabilityEPSS 0.2%CVE-2026-13946MEDIUMInappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origEPSS 0.2%