Weaknesses of type CWE-352

5,738 results
CVE-2026-34460MEDIUMNamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swappingEPSS 0.1%CVE-2025-62950MEDIUMWordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-66064MEDIUMWordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-65203HIGHKeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directivEPSS 0.1%CVE-2025-62945HIGHWordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-52783HIGHWordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-52793HIGHWordPress Esselink.nu Settings plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-52792HIGHWordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2022-47150MEDIUMWordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-52794HIGHWordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-52789HIGHWordPress Lewe ChordPress plugin <= 4.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.1%CVE-2025-52784HIGHWordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-12452MEDIUMVisit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-58918MEDIUMWordPress Entrada theme <= 5.7.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-40929MEDIUMWWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creatorsEPSS 0.1%CVE-2026-35180MEDIUMWWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File WriteEPSS 0.1%CVE-2026-41347LOWOpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator EndpointsEPSS 0.1%CVE-2025-62933HIGHWordPress Awesome Testimonials plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-62934HIGHWordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-48077HIGHWordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%