Weaknesses of type CWE-352
5,729 resultsCVE-2025-25769HIGHWangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.EPSS 0.2%CVE-2024-51659HIGHWordPress Twitter @Anywhere Plus plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53710HIGHWordPress ITERAS plugin <= 1.8.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-49294MEDIUMWordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-11014MEDIUMCross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and EPSS 0.2%CVE-2024-53714HIGHWordPress Continue Shopping From Cart plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53711HIGHWordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-3593HIGHUberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings ResetEPSS 0.2%CVE-2024-51658HIGHWordPress WP Course Manager plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53713HIGHWordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-55744HIGHCotonti CSRF in PFS allows forced arbitrary file uploadEPSS 0.2%CVE-2024-53712HIGHWordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-22287HIGHWordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2026-11134MEDIUMInappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2026-11129MEDIUMInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via aEPSS 0.2%CVE-2025-60111HIGHWordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-11142HIGHCSRF in Gosoft Software's Proticaret E-CommerceEPSS 0.2%CVE-2024-30617MEDIUMA Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request thaEPSS 0.2%CVE-2026-11084MEDIUMInappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin dataEPSS 0.2%CVE-2024-12526MEDIUMArena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%