Weaknesses of type CWE-352
5,692 resultsCVE-2026-33507HIGHAVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin UploadEPSS 0.4%CVE-2025-9890HIGHTheme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code ExecutionEPSS 0.4%CVE-2022-29413MEDIUMWordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2022-27860MEDIUMWordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2021-4399MEDIUMEdwiser Bridge <= 2.0.6 - Cross-Site Request Forgery BypassEPSS 0.4%CVE-2021-36891MEDIUMWordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings ChangeEPSS 0.4%CVE-2024-7645MEDIUMSourceCodester Clinics Patient Management System User Page users.php cross-site request forgeryEPSS 0.4%CVE-2023-48293HIGHXWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queriesEPSS 0.4%CVE-2017-20062MEDIUMElefant CMS cross-site request forgeryEPSS 0.4%CVE-2024-30965HIGHDedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php.EPSS 0.4%CVE-2023-38885HIGHOpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow anEPSS 0.4%CVE-2023-47677HIGHA cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A sEPSS 0.4%CVE-2021-34358MEDIUMCSRF Vulnerability in QmailAgentEPSS 0.4%CVE-2023-48058HIGHDreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/runEPSS 0.4%CVE-2022-3119HIGHOAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication BypassEPSS 0.4%CVE-2023-22375HIGHCross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unautheEPSS 0.4%CVE-2021-32991—Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a useEPSS 0.4%CVE-2023-2608LOWMultiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL InjectionEPSS 0.4%CVE-2023-1722CRITICALYoga Class Registration System 1.0 - ATOEPSS 0.4%CVE-2022-3274HIGHCross-Site Request Forgery (CSRF) on user's settings in GitHub repository ikus060/rdiffweb prior to 2.4.6. in ikus060/rdiffwebEPSS 0.4%