Weaknesses of type CWE-352
5,703 resultsCVE-2022-45071MEDIUMWordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2023-3199MEDIUMMStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title UpdateEPSS 0.3%CVE-2022-1112—Autolinks <= 1.0.1 - Stored Cross-Site Scripting via CSRFEPSS 0.3%CVE-2023-3407MEDIUMSubscribe2 <= 10.40 - Cross-Site Request ForgeryEPSS 0.3%CVE-2023-47666MEDIUMWordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2024-1719MEDIUMEasy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.3%CVE-2024-30560CRITICALWordPress DX-Watermark plugin <= 1.0.4 - CSRF to Arbitrary File Upload and XSS vulnerabilityEPSS 0.3%CVE-2023-5537MEDIUMDelete Usermetas <= 1.1.2 - Cross-Site Request ForgeryEPSS 0.3%CVE-2024-3135MEDIUMCross-Site Request Forgery (CSRF) Vulnerability in mudler/localaiEPSS 0.3%CVE-2023-0729MEDIUMWicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_orderEPSS 0.3%CVE-2024-3215MEDIUMPaid Memberships Pro <= 3.0.1 - Cross-Site Request ForgeryEPSS 0.3%CVE-2024-39158HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.EPSS 0.3%CVE-2023-3427MEDIUMSalon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customerEPSS 0.3%CVE-2024-39022HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=dealEPSS 0.3%CVE-2025-11442MEDIUMJhumanJ OpnForm API Endpoint cross-site request forgeryEPSS 0.3%CVE-2018-19948LOWThe vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerabilEPSS 0.3%CVE-2022-35277MEDIUMWordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2024-39023HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=closeEPSS 0.3%CVE-2024-39154HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&EPSS 0.3%CVE-2021-43777MEDIUMVulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce)EPSS 0.3%