Weaknesses of type CWE-352

5,677 results
CVE-2022-2933MEDIUM0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.5%CVE-2023-3977MEDIUMInisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation functionEPSS 0.5%CVE-2022-1672Insights from Google PageSpeed < 4.0.7 - Multiple CSRFEPSS 0.5%CVE-2022-0231MEDIUMCross-Site Request Forgery (CSRF) in livehelperchat/livehelperchatEPSS 0.5%CVE-2022-3536HIGHRole Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR DeserializationEPSS 0.5%CVE-2022-4265Replyable < 2.2.10 - Subscriber+ PHP Object InjectionEPSS 0.5%CVE-2021-25965HIGHCalibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF)EPSS 0.5%CVE-2020-1977HIGHExpedition Migration Tool: Insufficient Cross Site Request Forgery protection.EPSS 0.5%CVE-2025-25101CRITICALWordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerabilityEPSS 0.5%CVE-2021-24595WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site ScriptingEPSS 0.5%CVE-2022-2542HIGHuContext for Clickbank <= 3.9.1 - Cross-Site Request Forgery to Cross-Site ScriptingEPSS 0.5%CVE-2020-14368A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, EPSS 0.5%CVE-2021-4033MEDIUMCross-Site Request Forgery (CSRF) in kevinpapst/kimai2EPSS 0.5%CVE-2021-3993MEDIUMCross-Site Request Forgery (CSRF) in star7th/showdocEPSS 0.5%CVE-2021-41176MEDIUMlogout CSRF in Pterodactyl PanelEPSS 0.5%CVE-2022-1912HIGHButton Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site ScriptingEPSS 0.5%CVE-2024-39090MEDIUMThe PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to EPSS 0.5%CVE-2022-1761Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRFEPSS 0.5%CVE-2024-24470HIGHCross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php coEPSS 0.5%CVE-2023-32998HIGHA cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-EPSS 0.5%