Weaknesses of type CWE-352

5,711 results
CVE-2024-0767MEDIUMEnvo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activationEPSS 0.3%CVE-2024-6862HIGHCross-Site Request Forgery (CSRF) in lunary-ai/lunaryEPSS 0.3%CVE-2022-23771HIGHIPTIME NAS1DUAL CSRF VulnerabilityEPSS 0.3%CVE-2024-27955HIGHWordPress Automatic plugin <= 3.92.0 - CSRF to Privilege Escalation vulnerabilityEPSS 0.3%CVE-2025-65593HIGHnopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality.EPSS 0.3%CVE-2023-25832HIGHBUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS.EPSS 0.3%CVE-2025-23532HIGHWordPress MyAnime Widget plugin <= 1.0 - CSRF to Privilege Escalation vulnerabilityEPSS 0.3%CVE-2024-23831HIGHPrivilege escalation through CSRF attack on 'setup.pl'EPSS 0.3%CVE-2022-46491MEDIUMA Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbiEPSS 0.3%CVE-2025-1891MEDIUMshishuocms cross-site request forgeryEPSS 0.3%CVE-2025-4282MEDIUMSourceCodester/oretnom23 Stock Management System Users.php cross-site request forgeryEPSS 0.3%CVE-2025-23530HIGHWordPress Custom Post Type Lockdown plugin <= 1.11 - CSRF to Privilege Escalation vulnerabilityEPSS 0.3%CVE-2023-50923MEDIUMIn QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disableEPSS 0.3%CVE-2025-4887MEDIUMSourceCodester Online Student Clearance System cross-site request forgeryEPSS 0.3%CVE-2022-44937MEDIUMBosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module.EPSS 0.3%CVE-2023-52150HIGHWordPress Dynamic Content for Elementor Plugin < 2.12.5 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2024-39623HIGHWordPress ListingPro theme <= 2.9.4 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerabilityEPSS 0.3%CVE-2022-32289MEDIUMWordPress Popup Builder plugin <= 4.1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Popup Status ChangeEPSS 0.3%CVE-2022-40488MEDIUMProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).EPSS 0.3%CVE-2024-42612HIGHPligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_addEPSS 0.3%