Weaknesses of type CWE-352

5,730 results
CVE-2024-35632MEDIUMWordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-35636MEDIUMWordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-12740HIGHPlack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameterEPSS 0.2%CVE-2026-48518MEDIUMMultiJuicer: Login CSRF allows attacker to force victims into their teamEPSS 0.2%CVE-2024-43269MEDIUMWordPress Backup and Restore WordPress plugin <= 1.50 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43295MEDIUMWordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43340MEDIUMWordPress AFI – The Easiest Integration Plugin plugin <= 1.89.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43337MEDIUMWordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-47845MEDIUMWordPress Grab & Save plugin <= 1.0.4 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-0801MEDIUMRateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key UpdateEPSS 0.2%CVE-2025-53897MEDIUMKiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43947MEDIUMWordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-33649HIGHAVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission ModificationEPSS 0.2%CVE-2024-43356MEDIUMWordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerabilityEPSS 0.2%CVE-2025-36728MEDIUMSimpleHelp Cross Site Request ForgeryEPSS 0.2%CVE-2024-37925MEDIUMWordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-47701HIGHRestrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047EPSS 0.2%CVE-2026-8421HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF on install_package() with conditional token bypass leading to RCEEPSS 0.2%CVE-2025-52835CRITICALWordPress WING WordPress Migrator plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43299MEDIUMWordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%