Weaknesses of type CWE-352

5,733 results
CVE-2025-22325HIGHWordPress Autocompleter plugin <= 1.3.5.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-31588MEDIUMWordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.1%CVE-2018-25133MEDIUMSynaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin InterfaceEPSS 0.1%CVE-2025-32264MEDIUMWordPress UltraAddons – Elementor Addons plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-27339MEDIUMWordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-1503MEDIUMlogin_register <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-30908HIGHWordPress Web Directory Free plugin <= 1.7.6 - CSRF to Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-31888MEDIUMWordPress WP Multi Store Locator Plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2018-25334MEDIUMZechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameterEPSS 0.1%CVE-2025-32278MEDIUMWordPress Table Block by RioVizual plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-32276MEDIUMWordPress Administrator Z plugin <= 2026.03.02 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-27342MEDIUMWordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-27328MEDIUMWordPress WP-PostRatings Cheater Plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-8911MEDIUMWP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' ParameterEPSS 0.1%CVE-2025-5019MEDIUMHive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings FunctionEPSS 0.1%CVE-2019-25234MEDIUMCarlo Gavazzi SmartHouse Webapp 6.5.33 Cross-Site Request Forgery and XSSEPSS 0.1%CVE-2019-25238MEDIUMV-SOL GPON/EPON OLT Platform 2.03 Cross-Site Request Forgery VulnerabilityEPSS 0.1%CVE-2026-9724MEDIUMMotorDesk <= 1.1.2 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-63716MEDIUMThe SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changingEPSS 0.1%CVE-2025-27344MEDIUMWordPress Phee's LinkPreview Plugin <= 1.6.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%