Weaknesses of type CWE-352
5,733 resultsCVE-2025-61604HIGHWeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` EndpointEPSS 0.2%CVE-2026-36956HIGHA Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. TheEPSS 0.2%CVE-2025-53456MEDIUMWordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-50090MEDIUMVulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions thatEPSS 0.2%CVE-2025-55040HIGHThe import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSEPSS 0.2%CVE-2026-52784HIGHOpenProject: CSRF on TARGET through /users/:id via POST parameter "user[admin]"EPSS 0.2%CVE-2026-6400MEDIUMChild Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings FormEPSS 0.2%CVE-2024-40601MEDIUMAn issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.EPSS 0.2%CVE-2025-57942MEDIUMWordPress Emergency Password Reset plugin <= 9.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-51647HIGHWordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-47914MEDIUMVaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-4839MEDIUMCSRF in Servers Configurations in parisneo/lollms-webuiEPSS 0.2%CVE-2025-57960MEDIUMWordPress Travel Map Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-4002MEDIUMPetje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX ActionEPSS 0.2%CVE-2025-57905MEDIUMWordPress AgreeMe Checkboxes For WooCommerce Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-8418MEDIUMGames Catalog <= 1.2.0 - Cross-Site Request Forgery to Arbitrary Game/Post DeletionEPSS 0.2%CVE-2024-20944MEDIUMVulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affecEPSS 0.2%CVE-2026-13537MEDIUMCodeAstro Human Resource Management System cross-site request forgeryEPSS 0.2%CVE-2025-6214MEDIUMOmnishop <= 1.0.9 - Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST EndpointEPSS 0.2%CVE-2026-27841HIGHSenseLive X3050 Cross-Site request forgeryEPSS 0.2%