Weaknesses of type CWE-352

5,724 results
CVE-2025-32477HIGHWordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-31032HIGHWordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32476HIGHWordPress Advanced Tag Lists plugin <= 1.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2023-40212MEDIUMWordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-37391MEDIUMWordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-31393HIGHWordPress Social Bookmarking RELOADED plugin <= 3.18 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-38751MEDIUMWordPress AdsforWP plugin <= 1.9.28 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-38766MEDIUMWordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerabilityEPSS 0.2%CVE-2023-25697MEDIUMWordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change VulnerabilityEPSS 0.2%CVE-2024-37518MEDIUMWordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31401HIGHWordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-48057MEDIUMlocalai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it canEPSS 0.2%CVE-2024-37540MEDIUMWordPress Leaky Paywall plugin <= 4.21.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-12279MEDIUMWP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site ScriptingEPSS 0.2%CVE-2025-32479HIGHWordPress Flags Widget plugin <= 1.0.7 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37467MEDIUMWordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31026HIGHWordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37508MEDIUMWordPress Construction Landing Page theme <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31404HIGHWordPress AF Tell a Friend plugin <= 1.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-31402HIGHWordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerabilityEPSS 0.2%