Weaknesses of type CWE-352

5,724 results
CVE-2023-25697MEDIUMWordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change VulnerabilityEPSS 0.2%CVE-2025-32480HIGHWordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37540MEDIUMWordPress Leaky Paywall plugin <= 4.21.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32250MEDIUMWordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37467MEDIUMWordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31388HIGHWordPress The World plugin <= 0.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-31026HIGHWordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-7820MEDIUMILC Thickbox <= 1.0 - Settings update via CSRFEPSS 0.2%CVE-2024-54393HIGHWordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54399HIGHWordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54394HIGHWordPress Mandrill WP plugin <= 1.0.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54404HIGHWordPress MDC Comment Toolbar plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54392HIGHWordPress WP微信机器人 plugin <= 5.3.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-13555MEDIUM1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process CancellationEPSS 0.2%CVE-2024-54409HIGHWordPress XPD Reduce Image Filesize plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54400HIGHWordPress AppMaps plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-39546MEDIUMWordPress ElementsReady Addons for Elementor plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-11195MEDIUMInappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in spEPSS 0.2%CVE-2024-35109MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.EPSS 0.2%CVE-2025-59901HIGHauthenticated reflected XSS vulnerability in Sync Breeze Enterprise ServerEPSS 0.2%