Weaknesses of type CWE-352

5,703 results
CVE-2023-26514MEDIUMWordPress XML Sitemap Generator for Google Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-28167MEDIUMWordPress CF7 Invisible reCAPTCHA Plugin <= 1.3.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-28420MEDIUMWordPress Custom Options Plus Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-26531MEDIUMWordPress 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 Plugin <= 4.2.7 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2024-40331HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backupEPSS 0.3%CVE-2024-35009HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fEPSS 0.3%CVE-2024-11640HIGHVikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File UploadEPSS 0.3%CVE-2019-15002MEDIUMAn exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a EPSS 0.3%CVE-2024-55076HIGHGrocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password.EPSS 0.3%CVE-2022-37405MEDIUMWordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2024-35010HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTEPSS 0.3%CVE-2023-28986MEDIUMWordPress Affiliates Manager Plugin <= 2.9.20 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-22673MEDIUMWordPress Website Monetization by MageNet Plugin <= 1.0.29.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-0735MEDIUMCross-Site Request Forgery (CSRF) in wallabag/wallabagEPSS 0.3%CVE-2025-32642CRITICALWordPress Vite Coupon plugin <= 1.0.9 - CSRF to Remote Code Execution (RCE) vulnerabilityEPSS 0.3%CVE-2023-26535MEDIUMWordPress Sheets To WP Table Live Sync Plugin <= 2.12.15 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2017-5263Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which areEPSS 0.3%CVE-2024-45504MEDIUMCross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticEPSS 0.3%CVE-2022-47149MEDIUMWordPress Shortlinks by Pretty Links Plugin <= 3.4.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-33314MEDIUMWordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%