Weaknesses of type CWE-352
5,730 resultsCVE-2025-32500HIGHWordPress Codescar Radio Widget plugin <= 0.4.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-14037HIGHInvelity Products Feeds <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File DeletionEPSS 0.2%CVE-2025-39548HIGHWordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-40925HIGHWWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP CredentialsEPSS 0.2%CVE-2025-32482HIGHWordPress Custom Smilies plugin <= 1.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-42768MEDIUMA Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.EPSS 0.2%CVE-2025-32616HIGHWordPress Nimbata Call Tracking plugin <= 1.7.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32501HIGHWordPress RentSyst plugin <= 2.0.92 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32563HIGHWordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32597HIGHWordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-39530HIGHWordPress Site Search 360 plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) to stored XSS vulnerabilityEPSS 0.2%CVE-2025-32498HIGHWordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32481HIGHWordPress Nino Social Connect plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-39547HIGHWordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2023-50932HIGHAn issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settEPSS 0.2%CVE-2025-32575HIGHWordPress WP w3all phpBB Plugin <= 2.9.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32559HIGHWordPress REVE Chat plugin <= 6.4.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-33649HIGHAVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission ModificationEPSS 0.2%CVE-2024-41811LOWipl/web susceptible to Cross-Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-43337MEDIUMWordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%