Weaknesses of type CWE-352
5,736 resultsCVE-2025-49373MEDIUMWordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-43835MEDIUMWordPress wp-cyr-cho plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-48264MEDIUMWordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerabilityEPSS 0.1%CVE-2026-9599MEDIUMTectite Forms <= 1.3 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2026-9236MEDIUMCM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign ManagementEPSS 0.1%CVE-2025-39351MEDIUMWordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-49445MEDIUMWordPress Interactive UK Regional Map plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.1%CVE-2025-39375MEDIUMWordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-39381HIGHWordPress KiotViet Sync plugin <= 1.8.4 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-28281HIGHInstantCMS has Multiple CSRF VulnerabilitiesEPSS 0.1%CVE-2025-46450HIGHWordPress occupancyplan plugin <= 1.0.3.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-58224MEDIUMWordPress Printeers Print & Ship Plugin <= 1.17.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-12406MEDIUMProject Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-46504HIGHWordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerabilityEPSS 0.1%CVE-2025-46457HIGHWordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-46452HIGHWordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-46506HIGHWordPress WpZon – Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerabilityEPSS 0.1%CVE-2025-67472MEDIUMWordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-47648HIGHWordPress Pays – WooCommerce Payment Gateway plugin <= 2.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-58818MEDIUMWordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%