Weaknesses of type CWE-352

5,703 results
CVE-2024-35559HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=cloEPSS 0.3%CVE-2024-40329HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backupEPSS 0.3%CVE-2023-2301MEDIUMContact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-28495CRITICALGetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.phpEPSS 0.3%CVE-2024-40039HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=delEPSS 0.3%CVE-2023-30616MEDIUMCross Site Request Forgery due to missing nonce verification in form blockEPSS 0.3%CVE-2024-40034HIGHidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=delEPSS 0.3%CVE-2022-35656MEDIUMPega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.EPSS 0.3%CVE-2023-47667MEDIUMWordPress WP Full Stripe Free plugin <= 7.0.16 - Cross Site Request Forgery (CSRF) vulnerability on every Setting SaveEPSS 0.3%CVE-2023-47556MEDIUMWordPress Device Theme Switcher Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2024-12645MEDIUMChunghwa Telecom topm-client - Arbitrary File ReadEPSS 0.3%CVE-2022-30694MEDIUMThe login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attacEPSS 0.3%CVE-2024-47359MEDIUMWordPress Depicter plugin <= 3.2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-2279MEDIUMWP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_displayEPSS 0.3%CVE-2023-49155MEDIUMWordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-49763MEDIUMWordPress CSprite Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-47670MEDIUMWordPress Korea SNS Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-27442MEDIUMWordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-27441MEDIUMWordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-47531MEDIUMWordPress Droit Dark Mode Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%