Weaknesses of type CWE-352
5,725 resultsCVE-2024-27968HIGHWordPress Super Page Cache for Cloudflare plugin <= 4.7.5 - Cross Site Request Forgery (CSRF) to XSS vulnerabilityEPSS 0.2%CVE-2025-60208HIGHWordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30568MEDIUMWordPress Super Static Cache plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-49274MEDIUMWordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30805MEDIUMWordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-2368MEDIUMMollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post DuplicationEPSS 0.2%CVE-2024-12218MEDIUMWoocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site ScriptingEPSS 0.2%CVE-2024-45527MEDIUMREDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logoEPSS 0.2%CVE-2025-12535MEDIUMSureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce DistributionEPSS 0.2%CVE-2022-47424MEDIUMWordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2026-44364CRITICALmisp-modules website - Missing CSRF protection in the website home blueprintEPSS 0.2%CVE-2024-21202MEDIUMVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions thEPSS 0.2%CVE-2024-35684MEDIUMWordPress ElasticPress plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-7422MEDIUMTheme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2024-39657MEDIUMWordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-4409MEDIUMWP-ViperGB <= 1.6.1 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-35561MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.EPSS 0.2%CVE-2024-39641MEDIUMWordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-22562MEDIUMWordPress Title Experiments Free plugin <= 9.0.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-38729MEDIUMWordPress MBE eShip plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%