Weaknesses of type CWE-352

5,735 results
CVE-2024-13436MEDIUMAppsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-23980HIGHWordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-62958MEDIUMWordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-23978HIGHWordPress FlashCounter plugin <= 1.1.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-54969MEDIUMAn issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker wEPSS 0.1%CVE-2025-13360MEDIUMQuantic Social Image Hover <= 1.0.8 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-14616MEDIUMRecooty <= 1.0.6 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-54035MEDIUMWordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-54030MEDIUMWordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-8708MEDIUMGenzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings PageEPSS 0.1%CVE-2025-54041MEDIUMWordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-55044HIGHThe Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized lEPSS 0.1%CVE-2026-57305MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specEPSS 0.1%CVE-2024-40685MEDIUMIBM Operations Analytics - Log Analysis is affected by CSRF Token Replay AttackEPSS 0.1%CVE-2025-32281MEDIUMWordPress DarkMySite plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2024-44293MEDIUMA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may beEPSS 0.1%CVE-2025-49373MEDIUMWordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-48115MEDIUMWordPress ValidateCertify plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-49439MEDIUMWordPress Atelier Create CV plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.1%CVE-2025-39375MEDIUMWordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%