Weaknesses of type CWE-352

5,725 results
CVE-2025-64138MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers to connect toEPSS 0.2%CVE-2025-64141MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an atEPSS 0.2%CVE-2024-54404HIGHWordPress MDC Comment Toolbar plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54407HIGHWordPress CK and SyntaxHighlighter plugin <= 3.4.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-39628MEDIUMWordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-54400HIGHWordPress AppMaps plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-35109MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.EPSS 0.2%CVE-2024-54410HIGHWordPress SOPA Blackout plugin <= 1.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54397HIGHWordPress Go Animate plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-54399HIGHWordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-59901HIGHauthenticated reflected XSS vulnerability in Sync Breeze Enterprise ServerEPSS 0.2%CVE-2025-39517MEDIUMWordPress Basic Interactive World Map plugin <= 2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2024-54391HIGHWordPress WordPress Filter plugin <= 1.4.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32494MEDIUMWordPress reCAPTCHA Jetpack plugin <= 0.2.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-7862MEDIUMBlog Introduction <= 0.3.0 - Settings Update via CSRFEPSS 0.2%CVE-2024-54392HIGHWordPress WP微信机器人 plugin <= 5.3.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-12288MEDIUMSimple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site ScriptingEPSS 0.2%CVE-2026-14016MEDIUMInappropriate implementation in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafteEPSS 0.2%CVE-2024-54438HIGHWordPress Gaxx Keywords plugin <= 0.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-48885MEDIUMapplication-urlshortener users can create arbitrary pages as long as they have view access to themEPSS 0.2%