Weaknesses of type CWE-352
5,733 resultsCVE-2025-14158MEDIUMCoding Blocks <= 1.1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2026-24596MEDIUMWordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-4337MEDIUMAHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page DeletionEPSS 0.1%CVE-2026-44347MEDIUMWarpgate: SSO CSRF -- State Token Not Validated on ReturnEPSS 0.1%CVE-2025-14160MEDIUMUpcoming for Calendly <= 1.2.4 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-14163MEDIUMPremium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'EPSS 0.1%CVE-2026-28477MEDIUMOpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login FlowEPSS 0.1%CVE-2025-13684MEDIUMARK Related Posts <= 2.19 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-23972MEDIUMWordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2018-25343MEDIUMSmartshop 1 Cross-Site Request Forgery via editprofile.phpEPSS 0.1%CVE-2026-8428HIGHCSRF token is not validated in the core CMS update controller for Concrete CMS 9.5.0 and belowEPSS 0.1%CVE-2026-7047MEDIUMFrontend User Notes <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification via 'confirmEdit' ActionEPSS 0.1%CVE-2025-53270MEDIUMWordPress CTA plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-31457MEDIUMWordPress LWS SMS plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-6932MEDIUMWoo Commerce Minimum Weight <= 3.0.1 - Cross-Site Request Forgery via Settings Update FormEPSS 0.1%CVE-2025-49965MEDIUMWordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-49975MEDIUMWordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-14615HIGHDASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL InjectionEPSS 0.1%CVE-2025-9945MEDIUMOptimize More! – CSS <= 1.0.3 - Cross-Site Request Forgery to Plugin Settings ResetEPSS 0.1%CVE-2026-8422MEDIUMRemove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%