Weaknesses of type CWE-352
5,723 resultsCVE-2023-35778MEDIUMWordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-37503MEDIUMWordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-24843HIGHWordPress PowerPack Pro for Elementor Plugin < 2.10.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-35780MEDIUMWordPress Galleria Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-47550HIGHWordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)EPSS 0.2%CVE-2019-20460HIGHAn issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechaniEPSS 0.2%CVE-2024-1503MEDIUMTutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data EraseEPSS 0.2%CVE-2022-45228LOWDragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.EPSS 0.2%CVE-2024-37937MEDIUMWordPress Rara Business theme <= 1.2.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-35047MEDIUMWordPress All Bootstrap Blocks Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-49674CRITICALWordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerabilityEPSS 0.2%CVE-2026-6293MEDIUMInquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' ParameterEPSS 0.2%CVE-2024-23597MEDIUMCross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unEPSS 0.2%CVE-2024-4344MEDIUMShield Security – Smart Bot Blocking & Intrusion Prevention Security <= 19.1.13 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-28430MEDIUMDedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.EPSS 0.2%CVE-2025-5885MEDIUMKonica Minolta bizhub cross-site request forgeryEPSS 0.2%CVE-2026-42073MEDIUMOpenClaude's MCP OAuth Callback: State Check Bypass via error Param Leads to DoSEPSS 0.2%CVE-2024-54356MEDIUMWordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-5804MEDIUMConditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting ResetEPSS 0.2%CVE-2022-50804MEDIUMJM-DATA ONU JF511-TV 1.0.67 Cross-Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%