Weaknesses of type CWE-352
5,731 resultsCVE-2026-22202MEDIUMwpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by EmailEPSS 0.2%CVE-2024-11341MEDIUMSimple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site RedirectEPSS 0.2%CVE-2024-53725HIGHWordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-53728HIGHWordPress Protect Your Content plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-53720HIGHWordPress WP-ISPConfig 3 plugin <= 1.5.6 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-27589MEDIUMCaddy vulnerable to cross-origin config application via local admin API /load (caddy)EPSS 0.2%CVE-2025-2935MEDIUMAnti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative ActionsEPSS 0.2%CVE-2024-10789MEDIUMWP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2024-53726HIGHWordPress RealtyCandy IDX Broker Extended plugin <= 1.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-53732HIGHWordPress Footer Flyout Widget plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-54256HIGHDreamweaver Desktop | Cross-Site Request Forgery (CSRF) (CWE-352)EPSS 0.2%CVE-2025-50036MEDIUMWordPress Mailing Group Listserv plugin <= 3.0.5 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-7369MEDIUMShortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode ExecutionEPSS 0.2%CVE-2024-6751MEDIUMSocial Auto Poster <= 5.3.14 - Cross-Site Request Forgery via Multiple FunctionsEPSS 0.2%CVE-2024-53723HIGHWordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-41317MEDIUMFrappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generationEPSS 0.2%CVE-2026-42091MEDIUMgoshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORSEPSS 0.2%CVE-2024-56474MEDIUMIBM TXSeries for Multiplatforms cross-site request forgeryEPSS 0.2%CVE-2024-31613MEDIUMBOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."EPSS 0.2%CVE-2021-47702MEDIUMOpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.phpEPSS 0.2%