Weaknesses of type CWE-352
5,733 resultsCVE-2025-25168HIGHWordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-28201HIGHSurrealDB Injection on Open NotebookEPSS 0.1%CVE-2025-22814HIGHWordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-63717MEDIUMThe change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerablEPSS 0.1%CVE-2025-23990HIGHWordPress Scroll Styler plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-30968MEDIUMWordPress Advanced Post List plugin <= 0.5.6.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-53329HIGHWordPress Społecznościowa 6 PL 2013 plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-30807HIGHCross-Site Request Forgery on Extension PagesEPSS 0.1%CVE-2025-30632MEDIUMWordPress Global Translator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-22768HIGHWordPress Rocket Media Library Mime Type plugin <= 2.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-70899MEDIUMPHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can pEPSS 0.1%CVE-2026-39620CRITICALWordPress Appointment theme <= 3.5.5 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerabilityEPSS 0.1%CVE-2025-23446HIGHWordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2024-53755HIGHWordPress Third Party Cookie Eraser plugin <= 1.0.2 - CSRF to Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2026-39621HIGHWordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerabilityEPSS 0.1%CVE-2026-30868MEDIUMCross-Site Request Forgery (CSRF) in opnsense/coreEPSS 0.1%CVE-2026-40883MEDIUMgoshs: CSRF in state-changing GET routes enables authenticated file deletion and directory creationEPSS 0.1%CVE-2025-49895MEDIUMWordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerabilityEPSS 0.1%CVE-2026-39617CRITICALWordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerabilityEPSS 0.1%CVE-2025-9892MEDIUMRestrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%