Weaknesses of type CWE-352

5,730 results
CVE-2025-47708HIGHEnterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054EPSS 0.2%CVE-2025-47701HIGHRestrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047EPSS 0.2%CVE-2026-8426HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF on prepare_remote_upgrade() leading to one-request RCE via package overwriteEPSS 0.2%CVE-2025-36728MEDIUMSimpleHelp Cross Site Request ForgeryEPSS 0.2%CVE-2024-37925MEDIUMWordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-51157MEDIUM07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.htEPSS 0.2%CVE-2025-54390MEDIUMA Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraEPSS 0.2%CVE-2025-30598MEDIUMWordPress OSS Upload plugin <= 4.8.9 Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2021-47723MEDIUMSTVS ProVision Cross-Site Request Forgery (Add Admin)EPSS 0.2%CVE-2025-54010CRITICALWordPress FluentSnippets plugin <= 10.50 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-3565MEDIUMTaqnix <= 1.0.3 - Cross-Site Request Forgery to Account Deletion via 'taqnix_delete_my_account' AJAX ActionEPSS 0.2%CVE-2020-37079MEDIUMWing FTP Server < 6.2.7 - Cross-site Request ForgeryEPSS 0.2%CVE-2025-25093MEDIUMWordPress Child Themes Helper plugin <= 2.2.7 - CSRF to Arbitrary File Deletion vulnerabilityEPSS 0.2%CVE-2025-52825HIGHWordPress Real Estate Manager plugin <= 7.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-23675HIGHWordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-48291MEDIUMdingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17EPSS 0.2%CVE-2025-23673HIGHWordPress Email on Publish plugin <= 1.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37417MEDIUMWordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30617MEDIUMWordPress Rewrite plugin <= 0.2.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-30601MEDIUMWordPress Flipdish Ordering System plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%