Weaknesses of type CWE-352

5,724 results
CVE-2024-12280MEDIUMWP Customer Area <= 8.2.4 - Event Log Deletion via CSRFEPSS 0.2%CVE-2024-43116MEDIUMWordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-39157LOWidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&datEPSS 0.2%CVE-2024-43287MEDIUMWordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-26351MEDIUMflusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.phpEPSS 0.2%CVE-2023-4301MEDIUMCSRF vulnerability in Fortify Plugin allow capturing credentialsEPSS 0.2%CVE-2023-6984MEDIUMPowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-35550MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.EPSS 0.2%CVE-2026-46785CRITICALVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.2%CVE-2024-11813MEDIUMPulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-43325MEDIUMWordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerabilityEPSS 0.2%CVE-2023-50858MEDIUMWordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-49896MEDIUMWordPress WP Discord Post Plus – Supports Unlimited Channels plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-39156LOWidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.EPSS 0.2%CVE-2024-50466MEDIUMWordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-6670HIGHCross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin ServicesEPSS 0.2%CVE-2025-23801HIGHWordPress Style Admin Plugin <= 1.4.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23533HIGHWordPress WP Lyrics plugin <= 0.4.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-20195MEDIUMA vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a EPSS 0.2%CVE-2015-20117MEDIUMRealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User CreationEPSS 0.2%