Weaknesses of type CWE-352

5,725 results
CVE-2024-31943MEDIUMWordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-24622MEDIUMWordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-29766MEDIUMTuleap has missing CSRF protections on artifact submission & edition from the tracker viewEPSS 0.2%CVE-2024-54337HIGHWordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2024-55923MEDIUMCross-Site Request Forgery in Indexed Search Module in TYPO3EPSS 0.2%CVE-2025-24647MEDIUMWordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-34228HIGHEmlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File WriteEPSS 0.2%CVE-2024-54226HIGHWordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-13518MEDIUMSimple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post EditingEPSS 0.2%CVE-2024-22721MEDIUMCross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link.EPSS 0.2%CVE-2024-34957MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.EPSS 0.2%CVE-2024-54351HIGHWordPress Fancy Roller Scroller plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-1506MEDIUMWp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-21507MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2026-6401MEDIUMBottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2026-11270MEDIUMInappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data viEPSS 0.2%CVE-2023-4000MEDIUMWaiting: One-click countdowns <= 0.6.2 - Cross-Site Request ForgeryEPSS 0.2%CVE-2023-3409MEDIUMBricks <= 1.8.1 - Cross-Site Request Forgery via reset_settingsEPSS 0.2%CVE-2025-57902MEDIUMWordPress RIS Version Switcher – Downgrade or Upgrade WP Versions Easily Plugin <= 1.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-26450MEDIUMAn issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a CrossEPSS 0.2%