Weaknesses of type CWE-352

5,729 results
CVE-2026-6391MEDIUMSentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page ParametersEPSS 0.2%CVE-2024-54357MEDIUMWordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-1320MEDIUMteachPress <= 9.0.9 - Cross-Site Request Forgery to Import DeleteEPSS 0.2%CVE-2026-13944LOWInappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user tEPSS 0.2%CVE-2023-1604MEDIUMShort URL <= 1.6.8 - Cross-Site Request Forgery via configuration_pageEPSS 0.2%CVE-2024-38732MEDIUMWordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31068MEDIUMWordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-43336MEDIUMWordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2019-25233MEDIUMAVE DOMINAplus 1.10.x Cross-Site Request Forgery and XSS VulnerabilitiesEPSS 0.2%CVE-2025-2168MEDIUMUltimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta UpdateEPSS 0.2%CVE-2024-37931MEDIUMWordPress Point theme <= 1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-53751MEDIUMWordPress Build App Online plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-27146HIGHGetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary UploadsEPSS 0.2%CVE-2025-39512MEDIUMWordPress Bulk Term Editor plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-38764MEDIUMWordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-62992MEDIUMWordPress Everest Backup plugin <= 2.3.11 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-40925HIGHWWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP CredentialsEPSS 0.2%CVE-2025-39547HIGHWordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2025-32481HIGHWordPress Nino Social Connect plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32621HIGHWordPress WP Map Route Planner plugin <= 1.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%