Weaknesses of type CWE-352
5,733 resultsCVE-2025-53314CRITICALWordPress WP Optimizer plugin <= 2.5.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-46249MEDIUMWordPress Simple calendar for Elementor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-43985HIGHTaultulli has CSRF in /configUpdate via missing anti-CSRF and method restriction that allows admin credential takeoverEPSS 0.1%CVE-2025-46243MEDIUMWordPress Recover abandoned cart for WooCommerce plugin <= 2.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-22589HIGHWordPress Quote Tweet plugin <= 0.7 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-22342HIGHWordPress WP Simple Sitemap plugin <= 0.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-22343HIGHWordPress wpSOL plugin <= 1.2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-42908MEDIUMCross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAPEPSS 0.1%CVE-2016-20053MEDIUMRedaxo CMS 5.2 Cross-Site Request Forgery via users endpointEPSS 0.1%CVE-2025-9946MEDIUMLockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-22582HIGHWordPress Uptime Robot plugin <= 0.1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-22336HIGHWordPress Wizhi Multi Filters by Wenprise plugin <= 1.8.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2026-34171HIGHCoolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known valueEPSS 0.1%CVE-2025-46245MEDIUMWordPress CM Ad Changer plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-22325HIGHWordPress Autocompleter plugin <= 1.3.5.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-12589MEDIUMWP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-24289HIGHA Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlierEPSS 0.1%CVE-2019-25259MEDIUMLeica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request ForgeryEPSS 0.1%CVE-2025-46246MEDIUMWordPress CM Answers plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-10552MEDIUMBlue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' ParameterEPSS 0.1%