Weaknesses of type CWE-352
5,726 resultsCVE-2025-21513MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2025-13179MEDIUMBdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgeryEPSS 0.2%CVE-2025-1314MEDIUMCustom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin FunctionEPSS 0.2%CVE-2026-4138MEDIUMDX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings UpdateEPSS 0.2%CVE-2024-49779MEDIUMIBM OpenPages cross-site request forgeryEPSS 0.2%CVE-2024-51669MEDIUMWordPress Dynamic Widgets plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-49272MEDIUMWordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-53775MEDIUMWordPress DancePress (TRWA) plugin <= 3.1.11 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-30855HIGHDedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.EPSS 0.2%CVE-2025-10317MEDIUMMultiple Cross-Site Request Forgery in Quick.CartEPSS 0.2%CVE-2024-32863MEDIUMexacqVison - CSRF issues with Web ServiceEPSS 0.2%CVE-2024-39020MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=cEPSS 0.2%CVE-2024-12555MEDIUMSIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-1375MEDIUMEvent post <= 5.9.10 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-27276HIGHWordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerabilityEPSS 0.2%CVE-2026-50132HIGHBudibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in BudibaseEPSS 0.2%CVE-2024-9943MEDIUMMultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor UpdatesEPSS 0.2%CVE-2018-25370MEDIUMAdmidio 3.3.5 Cross-Site Request Forgery via roles_function.phpEPSS 0.2%CVE-2024-53684HIGHA cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crEPSS 0.2%CVE-2024-40328MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=EPSS 0.2%