Weaknesses of type CWE-352

5,731 results
CVE-2025-30577HIGHWordPress Browser Address Bar Color plugin <= 3.3 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.2%CVE-2024-32538MEDIUMWordPress Easy CountDowner plugin <= 1.0.8 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2025-26899MEDIUMWordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerabilityEPSS 0.2%CVE-2024-20934MEDIUMVulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions thaEPSS 0.2%CVE-2025-22559HIGHWordPress TubePress.NET Plugin <= 4.0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-22555HIGHWordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-38566HIGHHireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidatEPSS 0.2%CVE-2024-6405MEDIUMFloating Social Buttons <= 1.5 - Cross-Site Request ForgeryEPSS 0.2%CVE-2026-3772HIGHWP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File EditorEPSS 0.2%CVE-2024-20933MEDIUMVulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions thaEPSS 0.2%CVE-2025-22556HIGHWordPress Norse Rune Oracle plugin <= 1.4.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-22590HIGHWordPress Prayer Times Anywhere plugin <= 2.0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-22557HIGHWordPress News Publisher Autopilot plugin <= 2.1.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-20942MEDIUMVulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Supported versions tEPSS 0.2%CVE-2025-30522HIGHWordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-6405MEDIUMAnomify AI <= 0.3.6 - Cross-Site Request ForgeryEPSS 0.2%CVE-2026-46894HIGHVulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Home Page). Supported versions that are affecteEPSS 0.2%CVE-2025-49382HIGHWordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-49340MEDIUMIBM Watson Studio Local cross-site request forgeryEPSS 0.2%CVE-2025-20321MEDIUMMembership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk EnterpriseEPSS 0.2%