Weaknesses of type CWE-352
5,740 resultsCVE-2025-68573MEDIUMWordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-12128MEDIUMHide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-68529MEDIUMWordPress WP Email Capture plugin <= 3.12.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-53663LOWReact Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypassEPSS 0.1%CVE-2025-58991HIGHWordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-58217HIGHWordPress Instant Breaking News Plugin <= 1.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-64271MEDIUMWordPress WP Plugin Manager plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-5365MEDIUMLatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX RouteEPSS 0.1%CVE-2026-53736MEDIUMEasy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post ActionEPSS 0.1%CVE-2026-35220MEDIUMJoomla! Core - [20260505] - CSRF in user activation endpointEPSS 0.1%CVE-2026-57690MEDIUMWordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-10684MEDIUMConstruction Light < 1.6.8 - Subscriber+ Arbitrary Plugin ActivationEPSS 0.1%CVE-2025-66061MEDIUMWordPress Seriously Simple Podcasting plugin <= 3.13.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-53739MEDIUMYoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_noticeEPSS 0.1%CVE-2026-40703MEDIUMBIG-IP Configuration utility CSRF vulnerabilityEPSS 0.1%CVE-2025-64237MEDIUMWordPress Quick Interest Slider plugin <= 3.1.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-39634MEDIUMWordPress Grand Portfolio theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-14399MEDIUMDownload Plugins and Themes from Dashboard <= 1.9.6 - Cross-Site Request Forgery to Bulk Plugin/Theme ArchivalEPSS 0.1%CVE-2026-25337MEDIUMWordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-32328MEDIUMWordPress Lemmony theme < 1.7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%