Weaknesses of type CWE-352

5,738 results
CVE-2025-43840HIGHWordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-46512HIGHWordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-7882LOWConcrete CMS 9.5.0 and below is vulnerable to CSRF via the DeleteFile controllerEPSS 0.1%CVE-2025-14462MEDIUMLucky Draw Contests <= 4.2 - Cross-Site Request Forgery to Plugin Settings UpdateEPSS 0.1%CVE-2025-49425HIGHWordPress Konami Easter Egg plugin <= v0.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-60075HIGHWordPress hpb seo plugin for WordPress plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-46522HIGHWordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-60132HIGHWordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-60168HIGHWordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-52781HIGHWordPress TinyNav plugin <= 1.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-48304HIGHWordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-40928MEDIUMAVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset DeletionEPSS 0.1%CVE-2026-35266HIGHVulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit EPSS 0.1%CVE-2026-8435LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion()EPSS 0.1%CVE-2025-48311HIGHWordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-48147MEDIUMBudibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase WorkerEPSS 0.1%CVE-2025-48308HIGHWordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-13519MEDIUMSVG Map Plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-48309HIGHWordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-48306HIGHWordPress Savyour Affiliate Partner plugin <= 2.1.4 - CSRF to Stored XSS vulnerabilityEPSS 0.1%