Weaknesses of type CWE-352

5,687 results
CVE-2022-23975 (MEDIUM): WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation | EPSS 0.5%
CVE-2021-23026: BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and | EPSS 0.5%
CVE-2019-13930: A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) atta | EPSS 0.5%
CVE-2024-9665 (MEDIUM): Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability | EPSS 0.5%
CVE-2023-0988 (MEDIUM): SourceCodester Online Pizza Ordering System cross-site request forgery | EPSS 0.5%
CVE-2020-20502 (MEDIUM): Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. | EPSS 0.5%
CVE-2022-0328: Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF | EPSS 0.5%
CVE-2021-4389 (MEDIUM): WP Travel <= 4.4.6 - Cross-Site Request Forgery Bypass | EPSS 0.5%
CVE-2021-24913: Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF | EPSS 0.5%
CVE-2022-0313: Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF | EPSS 0.5%
CVE-2022-0199: Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF | EPSS 0.5%
CVE-2021-4130 (MEDIUM): Cross-Site Request Forgery (CSRF) in snipe/snipe-it | EPSS 0.5%
CVE-2024-57523 (MEDIUM): Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unautho | EPSS 0.5%
CVE-2022-35228: SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricte | EPSS 0.5%
CVE-2025-1306 (HIGH): Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload | EPSS 0.5%
CVE-2021-21407 (HIGH): Portal : the CSRF token isn't validated | EPSS 0.5%
CVE-2022-0707: Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF | EPSS 0.5%
CVE-2022-0141: Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF | EPSS 0.5%
CVE-2021-24166: Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection | EPSS 0.5%
CVE-2020-36707 (HIGH): Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery | EPSS 0.5%