Weaknesses of type CWE-352

5,733 results
CVE-2025-26926MEDIUMWordPress Booknetic plugin <= 4.0.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-61547MEDIUMCross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76EPSS 0.1%CVE-2026-4590LOWkalcaddle kodbox loginSubmit API index.class.php cross-site request forgeryEPSS 0.1%CVE-2025-22705HIGHWordPress Disqus Popular Posts plugin <= 2.1.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-70811MEDIUMCross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control PanEPSS 0.1%CVE-2025-9880MEDIUMSide Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-27357MEDIUMWordPress Önceki Yazı Link Plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-46547MEDIUMIn Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XEPSS 0.1%CVE-2025-54528MEDIUMIn JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flowEPSS 0.1%CVE-2025-60645MEDIUMA Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET rEPSS 0.1%CVE-2024-56218MEDIUMWordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-54536MEDIUMIn JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpointEPSS 0.1%CVE-2025-12588MEDIUMUSB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-10588MEDIUMPixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options ModificationEPSS 0.1%CVE-2024-23736HIGHCross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/EPSS 0.1%CVE-2025-50179MEDIUMTuleap missing CSRF protection on tracker reports manipulationEPSS 0.1%CVE-2025-48991MEDIUMTuleap missing CSRF protection on tracker canned responses administrationEPSS 0.1%CVE-2025-54033MEDIUMWordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-24289HIGHA Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlierEPSS 0.1%CVE-2025-22336HIGHWordPress Wizhi Multi Filters by Wenprise plugin <= 1.8.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%