Weaknesses of type CWE-352

5,740 results
CVE-2026-39170MEDIUMSemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.EPSS 0.1%CVE-2026-32343MEDIUMWordPress Easy Table of Contents plugin <= 2.0.80 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-39618MEDIUMWordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-25319MEDIUMWordPress Zita Elementor Site Library plugin <= 1.6.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-24966MEDIUMWordPress Copyscape Premium plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-32330MEDIUMWordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-24942MEDIUMWordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-15635MEDIUMWordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-63030HIGHWordPress New User Approve plugin <= 3.2.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-68567MEDIUMWordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-14391MEDIUMSimple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration UpdateEPSS 0.1%CVE-2025-14394MEDIUMPopover Windows <= 1.2 - Cross-Site Request Forgery to Arbitrary Popover Configuration UpdateEPSS 0.1%CVE-2025-12407MEDIUMEvents Manager – Calendar, Bookings, Tickets, and more! <= 7.2.2.2 - Cross-Site Request Forgery to Location DeletionEPSS 0.1%CVE-2025-12358MEDIUMShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist ManipulationEPSS 0.1%CVE-2025-12130MEDIUMWC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product DeletionEPSS 0.1%CVE-2025-12128MEDIUMHide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2016-20074MEDIUMWordPress Lazy Content Slider Plugin 3.4 CSRFEPSS 0.1%CVE-2025-12578MEDIUMReuters Direct <= 3.0.0 - Cross-Site Request Forgery to Settings ResetEPSS 0.1%CVE-2026-53663LOWReact Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypassEPSS 0.1%CVE-2025-11759MEDIUMBackup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()EPSS 0.1%