Weaknesses of type CWE-352
5,733 resultsCVE-2025-49510MEDIUMWordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-59845HIGHApollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypassEPSS 0.1%CVE-2024-38776HIGHWordPress WP GoToWebinar plugin <= 15.7 - CSRF to XSS vulnerabilityEPSS 0.1%CVE-2025-57930MEDIUMWordPress Double the Donation Plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-22669MEDIUMWordPress Awesome Event Booking plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-32755MEDIUMAdmidio is Missing CSRF Protection on Role Membership Date ChangesEPSS 0.1%CVE-2025-9884MEDIUMMobile Site Redirect <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2024-56232HIGHWordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2024-57611LOW07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.EPSS 0.1%CVE-2025-57915MEDIUMWordPress TOCHAT.BE Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-26926MEDIUMWordPress Booknetic plugin <= 4.0.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2024-57159LOW07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.EPSS 0.1%CVE-2025-57934MEDIUMWordPress LWS Affiliation Plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-9632MEDIUMPhpList Subber <= 1.1 - Cross-Site Request ForgeryEPSS 0.1%CVE-2024-46872MEDIUMClient-Side Path Traversal Leading to CSRF in PlaybooksEPSS 0.1%CVE-2025-12070MEDIUMViaAds <= 2.1.2 - Cross-Site Request Forgery to API Key UpdateEPSS 0.1%CVE-2025-31572MEDIUMWordPress Multi Days Events and Multi Events in One Day Calendar plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-57933MEDIUMWordPress Piotnet Forms Plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-13990MEDIUMMamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data ManipulationEPSS 0.1%CVE-2025-57927MEDIUMWordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%