Weaknesses of type CWE-352
5,738 resultsCVE-2025-48357MEDIUMWordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerabilityEPSS 0.1%CVE-2026-24554MEDIUMWordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-12072MEDIUMDisable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration UpdateEPSS 0.1%CVE-2025-12188MEDIUMPosts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2021-41074MEDIUMA CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML documenEPSS 0.1%CVE-2025-12132MEDIUMWP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2026-8417HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controllerEPSS 0.1%CVE-2026-24597MEDIUMWordPress Organization chart plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-34896HIGHWordPress Under Construction, Coming Soon & Maintenance Mode plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-46257MEDIUMWordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-49856MEDIUMWordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.1%CVE-2025-49069MEDIUMWordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-10930MEDIUMCurrency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110EPSS 0.1%CVE-2025-52711MEDIUMWordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-43877MEDIUMWWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary BytesEPSS 0.1%CVE-2025-53568MEDIUMWordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-10188MEDIUMThe Hack Repair Guy's Plugin Archiver <= 2.0.4 - Cross-Site Request Forgery to Arbitrary Directory Deletion in /wp-contentEPSS 0.1%CVE-2025-53569MEDIUMWordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2024-54172MEDIUMIBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgeryEPSS 0.1%CVE-2025-49865MEDIUMWordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%