Weaknesses of type CWE-352
5,738 resultsCVE-2024-54172MEDIUMIBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgeryEPSS 0.1%CVE-2026-43877MEDIUMWWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary BytesEPSS 0.1%CVE-2025-49865MEDIUMWordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-53271HIGHWordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.1%CVE-2025-46495MEDIUMWordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerabilityEPSS 0.1%CVE-2026-44548HIGHChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)EPSS 0.1%CVE-2026-48612HIGHImproper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s aEPSS 0.1%CVE-2025-53274HIGHWordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-41194MEDIUMFreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFableEPSS 0.1%CVE-2026-22355HIGHWordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-2723MEDIUMPost Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings UpdateEPSS 0.1%CVE-2025-64499MEDIUMTuleap is missing CSRF protections for its planning management APIEPSS 0.1%CVE-2026-8910MEDIUMWP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' ParameterEPSS 0.1%CVE-2025-62061MEDIUMWordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-7561MEDIUMTm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2026-6702MEDIUMPublish 2 Ping.fm <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpPingPingKey' ParameterEPSS 0.1%CVE-2025-58272LOWCross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page creEPSS 0.1%CVE-2025-54728MEDIUMWordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-8907MEDIUMWP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' ParameterEPSS 0.1%CVE-2026-15080MEDIUMRay Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071EPSS 0.1%