Weaknesses of type CWE-352
5,726 resultsCVE-2024-51634HIGHWordPress Webriti Custom Login plugin <= 0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-50533HIGHWordPress Domain Sharding plugin <= 1.2.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-51636HIGHWordPress Plugin Name: GMO Social Connection plugin <= 1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-22503MEDIUMWordPress Admin debug wordpress – enable debug Plugin <= 1.0.13 - Cross Site Request Forgery vulnerabilityEPSS 0.2%CVE-2023-27435MEDIUMWordPress HTTP Auth Plugin <= 0.3.2 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-22290HIGHWordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2026-4138MEDIUMDX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings UpdateEPSS 0.2%CVE-2025-1314MEDIUMCustom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin FunctionEPSS 0.2%CVE-2025-21513MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2025-27579MEDIUMIn Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a BitEPSS 0.2%CVE-2025-23559HIGHWordPress MemeOne plugin <= 2.0.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2023-50930HIGHAn issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings oEPSS 0.2%CVE-2024-41744MEDIUMIBM CICS TX Standard cross-site request forgeryEPSS 0.2%CVE-2025-5142MEDIUMSimple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple ParametersEPSS 0.2%CVE-2025-39593MEDIUMWordPress Ever Accounting plugin <= 2.1.5 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-30855HIGHDedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.EPSS 0.2%CVE-2024-31205MEDIUMSaleor CSRF bypass in refreshToken mutationEPSS 0.2%CVE-2024-53775MEDIUMWordPress DancePress (TRWA) plugin <= 3.1.11 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-49627MEDIUMWordPress WordPress Image SEO plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-10480MEDIUM3DPrint Lite < 2.1 - Settings Update via CSRFEPSS 0.2%