Weaknesses of type CWE-352

5,730 results
CVE-2025-32616HIGHWordPress Nimbata Call Tracking plugin <= 1.7.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-39547HIGHWordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2025-32597HIGHWordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-32502HIGHWordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-40925HIGHWWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP CredentialsEPSS 0.2%CVE-2025-32584HIGHWordPress Chat2 plugin <= 4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32500HIGHWordPress Codescar Radio Widget plugin <= 0.4.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-29722MEDIUMA CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue EPSS 0.2%CVE-2025-32623HIGHWordPress PlainInventory plugin <= 3.1.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2023-50932HIGHAn issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settEPSS 0.2%CVE-2025-32498HIGHWordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-3193LOWChia Blockchain send_transaction cross-site request forgeryEPSS 0.2%CVE-2023-50931HIGHAn issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settiEPSS 0.2%CVE-2025-70062MEDIUMPHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The applicEPSS 0.2%CVE-2025-21576MEDIUMVulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions thaEPSS 0.2%CVE-2025-32617HIGHWordPress Multiple Location Google Map plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32619HIGHWordPress KeyCAPTCHA plugin <= 2.5.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32575HIGHWordPress WP w3all phpBB Plugin <= 2.9.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-13413MEDIUMCountry Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-32484HIGHWordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%