Weaknesses of type CWE-352

5,703 results
CVE-2023-2286MEDIUMWP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanupEPSS 0.3%CVE-2024-46394HIGHFrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/addEPSS 0.3%CVE-2021-43777MEDIUMVulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce)EPSS 0.3%CVE-2018-19948LOWThe vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerabilEPSS 0.3%CVE-2023-1029MEDIUMWP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps'EPSS 0.3%CVE-2024-36549HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=closeEPSS 0.3%CVE-2024-39023HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=closeEPSS 0.3%CVE-2024-23094HIGHFlusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edEPSS 0.3%CVE-2023-3202MEDIUMMStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key UpdateEPSS 0.3%CVE-2023-3427MEDIUMSalon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customerEPSS 0.3%CVE-2024-0431MEDIUMGestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_set_default_cardEPSS 0.3%CVE-2024-5943HIGHNested Pages <= 3.2.7 - Cross-Site Request Forgery to Local File InclusionEPSS 0.3%CVE-2023-2301MEDIUMContact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-40037HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=delEPSS 0.3%CVE-2024-40039HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=delEPSS 0.3%CVE-2023-27633MEDIUMWordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2024-35556HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.EPSS 0.3%CVE-2023-47718MEDIUMIBM Maximo Asset Management cross-site request forgeryEPSS 0.3%CVE-2023-30616MEDIUMCross Site Request Forgery due to missing nonce verification in form blockEPSS 0.3%CVE-2022-44739MEDIUMWordPress Quick Restaurant Reservations Plugin <= 1.5.4 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%