Weaknesses of type CWE-352

5,733 results
CVE-2025-22703HIGHWordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-47635MEDIUMWordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-36576LOWDell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attackerEPSS 0.2%CVE-2025-26211LOWGibbon before 29.0.00 allows CSRF.EPSS 0.2%CVE-2024-57160MEDIUM07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.EPSS 0.2%CVE-2024-12206MEDIUMWordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header DeletionEPSS 0.2%CVE-2024-13317MEDIUMShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username UpdateEPSS 0.2%CVE-2024-57161MEDIUM07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.htmlEPSS 0.2%CVE-2026-4070MEDIUMAlfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' ParameterEPSS 0.2%CVE-2025-25873MEDIUMCross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change RootEPSS 0.2%CVE-2024-49304MEDIUMWordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-30919HIGHWordPress Store Locator Widget plugin <= 2025r2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-24982MEDIUMCross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while lEPSS 0.2%CVE-2024-38778MEDIUMWordPress WP Fast Total Search <= 1.69.234 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2018-25337MEDIUMJoomla JoomOCShop 1.0 Cross-Site Request ForgeryEPSS 0.2%CVE-2025-57960MEDIUMWordPress Travel Map Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-40601MEDIUMAn issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.EPSS 0.2%CVE-2024-47914MEDIUMVaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-4839MEDIUMCSRF in Servers Configurations in parisneo/lollms-webuiEPSS 0.2%CVE-2026-6400MEDIUMChild Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings FormEPSS 0.2%