Weaknesses of type CWE-352

5,692 results
CVE-2023-26839MEDIUMA cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site.EPSS 0.3%CVE-2022-3632MEDIUMOAuth Client by DigitialPixies <= 1.1.0 - CSRFEPSS 0.3%CVE-2024-5676MEDIUMParadox IP150 Internet Module Cross-Site Request ForgeryEPSS 0.3%CVE-2023-31235MEDIUMWordPress Participants Database Plugin <= 2.4.9 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2021-24730Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL UpdateEPSS 0.3%CVE-2022-3208Simple File List < 4.4.13 - Page Creation via CSRFEPSS 0.3%CVE-2022-47373MEDIUMReflected Cross Site Scripting in Search Functionality of Module LibraryEPSS 0.3%CVE-2025-62593CRITICALRay is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding AttackEPSS 0.3%CVE-2023-32579MEDIUMWordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access ControlEPSS 0.3%CVE-2023-34030MEDIUMWordPress Complianz and Complianz Premium plugins - Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-2277MEDIUMWP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitemEPSS 0.3%CVE-2023-6196HIGHAudio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File UploadEPSS 0.3%CVE-2022-2762MEDIUMAdminPad < 2.2 - Note Update via CSRFEPSS 0.3%CVE-2024-4929MEDIUMSourceCodester Simple Online Bidding System cross-site request forgeryEPSS 0.3%CVE-2022-3154Multiple Plugins from Viszt Peter - Multiple CSRFEPSS 0.3%CVE-2020-36065HIGHCross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admiEPSS 0.3%CVE-2024-7065MEDIUMSpina CMS cross-site request forgeryEPSS 0.3%CVE-2022-45130MEDIUMPlesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific vEPSS 0.3%CVE-2024-8490HIGHPropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_detailsEPSS 0.3%CVE-2022-29430MEDIUMWordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerabilityEPSS 0.3%