Weaknesses of type CWE-352

5,733 results
CVE-2026-2494MEDIUMProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/DenialEPSS 0.1%CVE-2026-9730MEDIUMRemove NoFollow Commenter URL <= 1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-60093MEDIUMWordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-31904HIGHWordPress Ebook Downloader plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-58792MEDIUMWordPress Authors List plugin <= 2.0.6.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-58014MEDIUMWordPress Quiz Maker Plugin <= 6.7.0.64 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-58914MEDIUMWordPress Di Themes Demo Site Importer plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Plugin Activation vulnerabilityEPSS 0.1%CVE-2026-8415LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorderEPSS 0.1%CVE-2025-64262MEDIUMWordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-32816MEDIUMAdmidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate ActionsEPSS 0.1%CVE-2025-46251HIGHWordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-8414LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicateEPSS 0.1%CVE-2025-62112MEDIUMWordPress Import into Easy Property Listings plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-8412LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cacheEPSS 0.1%CVE-2025-13194MEDIUMSurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey RenamingEPSS 0.1%CVE-2018-25190MEDIUMEasyndexer 1.0 Cross-Site Request Forgery via createuser.phpEPSS 0.1%CVE-2026-57659HIGHWordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-24749HIGHWordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-8411LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/deleteEPSS 0.1%CVE-2026-8432LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()EPSS 0.1%