Weaknesses of type CWE-352

5,740 results
CVE-2026-32328MEDIUMWordPress Lemmony theme < 1.7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-1051MEDIUMNewsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter UnsubscriptionEPSS 0.1%CVE-2026-40703MEDIUMBIG-IP Configuration utility CSRF vulnerabilityEPSS 0.1%CVE-2026-25322MEDIUMWordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-39603MEDIUMWordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-32420MEDIUMWordPress GamiPress plugin <= 7.6.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-35220MEDIUMJoomla! Core - [20260505] - CSRF in user activation endpointEPSS 0.1%CVE-2026-3903MEDIUMModular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauthEPSS 0.1%CVE-2026-8340LOWConcrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersionEPSS 0.1%CVE-2026-9721MEDIUMBook a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-62986HIGHWordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-7841MEDIUMSertifier Certificate & Badge Maker for WordPress – Tutor LMS <= 1.19 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2026-34721MEDIUMZammad has Cross-site request forgery (CSRF) in OAuth callback endpointsEPSS 0.1%CVE-2024-9592MEDIUMEasy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_optionsEPSS 0.1%CVE-2025-67595MEDIUMWordPress Quiz Maker plugin <= 6.7.0.82 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-27758MEDIUMSODOLA SL902-SWTGW124AS <= 200.1.20 Missing CSRF ProtectionsEPSS 0.1%CVE-2025-14904MEDIUMNewsletter Email Subscribe <= 2.4 - Cross-Site Request Forgery to Plugin Settings UpdateEPSS 0.1%CVE-2026-58315MEDIUMCross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unEPSS 0.1%CVE-2025-14389MEDIUMWPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration UpdateEPSS 0.1%CVE-2026-27518MEDIUMBinardat 10G08-0800GSM Network Switch CSRFEPSS 0.1%