Weaknesses of type CWE-352

5,733 results
CVE-2025-12373MEDIUMTorod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings ModificationEPSS 0.1%CVE-2019-25708MEDIUMHeatmiser Wifi Thermostat 1.7 Cross-Site Request ForgeryEPSS 0.1%CVE-2025-23976HIGHWordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-14161MEDIUMTruefy Embed <= 1.1.0 - Cross-Site Request Forgery to 'truefy_embed_options_update' Settings UpdateEPSS 0.1%CVE-2025-25166HIGHWordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-26569HIGHWordPress Post Thumbs Plugin <= 1.5 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-13924MEDIUMAdvanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and PublicationEPSS 0.1%CVE-2025-26562HIGHWordPress RSS FIlter Plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-13737MEDIUMNextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social LoginEPSS 0.1%CVE-2025-13366MEDIUMRabbit Hole <= 1.1 - Cross-Site Request Forgery to Settings ResetEPSS 0.1%CVE-2025-26571HIGHWordPress Wibiya Toolbar plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-26570HIGHWordPress Glance That plugin <= 4.9 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-12190MEDIUMImage Optimizer by wps.sk <= 1.2.0 - Cross-Site Request Forgery to Bulk Image OptimizationEPSS 0.1%CVE-2025-23980HIGHWordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-13360MEDIUMQuantic Social Image Hover <= 1.0.8 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-14162MEDIUMBMLT WordPress Plugin <= 3.11.4 - Cross-Site Request Forgery to Settings Creation and DeletionEPSS 0.1%CVE-2026-22483MEDIUMWordPress teachPress plugin <= 9.0.12 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-34749MEDIUMPayload has a CSRF Protection Bypass in Authentication FlowEPSS 0.1%CVE-2025-13140MEDIUMSurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey DeletionEPSS 0.1%CVE-2025-54969MEDIUMAn issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker wEPSS 0.1%