Weaknesses of type CWE-352
5,721 resultsCVE-2024-28672MEDIUMDedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.EPSS 0.2%CVE-2023-51678MEDIUMWordPress Doofinder for WooCommerce Plugin <= 2.0.33 is vulnerable to Broken Access ControlEPSS 0.2%CVE-2024-8507HIGHFile Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File UploadEPSS 0.2%CVE-2022-45847MEDIUMWordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)EPSS 0.2%CVE-2022-46798MEDIUMWordPress WooLentor Plugin <= 2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-37998MEDIUMWordPress Disabler Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2022-41297MEDIUMIBM Db2U cross-site request forgeryEPSS 0.2%CVE-2024-13707HIGHWP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File DeletionEPSS 0.2%CVE-2022-45850MEDIUMWordPress Image Map Pro premium plugin < 5.6.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)EPSS 0.2%CVE-2022-38468MEDIUMWordPress NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-45987MEDIUMProjectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows anEPSS 0.2%CVE-2023-23983MEDIUMWordPress Responsive Vertical Icon Menu Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-40172MEDIUMCross-Site Request Forgery (CSRF) in fobybus/social-media-skeletonEPSS 0.2%CVE-2024-31382MEDIUMWordPress Blocksy theme <= 2.0.22 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-7202MEDIUMFatal Error Notify < 1.5.3 - Subscriber+ Test Error Email SendingEPSS 0.2%CVE-2024-37940HIGHWordPress Seraphinite Accelerator (Full, premium) plugin <= 2.21.13 - CSRF Leading to Arbitrary File Deletion vulnerabilityEPSS 0.2%CVE-2024-10906HIGHCross-Site Request Forgery (CSRF) in eosphoros-ai/db-gptEPSS 0.2%CVE-2023-6788MEDIUMMetform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-3064HIGHWPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options FunctionEPSS 0.2%CVE-2023-2508MEDIUMCSRF in PaperCutNG Mobility Print leads to sophisticated phishingEPSS 0.2%