Weaknesses of type CWE-352
5,689 results

CVE | Severity | Description | EPSS
CVE-2021-24535 | — | Light Messages <= 1.0 - CSRF to Stored XSS | 0.4%
CVE-2022-1603 | — | Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF | 0.4%
CVE-2022-1844 | — | WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF | 0.4%
CVE-2022-1960 | — | MyCSS <= 1.1 - Arbitrary Settings Update via CSRF | 0.4%
CVE-2023-28780 | MEDIUM | WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF) | 0.4%
CVE-2024-51144 | HIGH | Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete, and ajax.ser | 0.4%
CVE-2023-0820 | HIGH | User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF | 0.4%
CVE-2023-2195 | MEDIUM | CSRF vulnerability and missing permission checks in Code Dx Plugin | 0.4%
CVE-2021-24172 | — | VM Backups <= 1.0 - CSRF to Database Backup Download | 0.4%
CVE-2025-27624 | MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggl | 0.4%
CVE-2024-55500 | HIGH | Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the ex | 0.4%
CVE-2023-28335 | HIGH | Moodle: csrf risk in resetting all templates of a database activity | 0.4%
CVE-2024-34502 | CRITICAL | An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeL | 0.4%
CVE-2024-2215 | MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an att | 0.4%
CVE-2020-36669 | HIGH | JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload | 0.4%
CVE-2022-2518 | HIGH | Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 0.4%
CVE-2022-20961 | HIGH | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacke | 0.4%
CVE-2022-47131 | MEDIUM | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | 0.4%
CVE-2022-2350 | — | Disable User Login <= 1.0.1 - Unauthenticated Settings Update | 0.4%
CVE-2020-36740 | MEDIUM | Radio Buttons for Taxonomies <= 2.0.5 - Cross-Site Request Forgery Bypass | 0.4%