Weaknesses of type CWE-352
5,728 resultsCVE-2024-9943MEDIUMMultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor UpdatesEPSS 0.2%CVE-2025-27276HIGHWordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerabilityEPSS 0.2%CVE-2024-12555MEDIUMSIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-38691MEDIUMWordPress Metorik plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-48057MEDIUMlocalai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it canEPSS 0.2%CVE-2023-40212MEDIUMWordPress WooCommerce Product Attachment Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-37467MEDIUMWordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32479HIGHWordPress Flags Widget plugin <= 1.0.7 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-1785MEDIUMCode Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update ActionsEPSS 0.2%CVE-2025-31390HIGHWordPress Social Crowd plugin <= 0.9.6.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37518MEDIUMWordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-40198MEDIUMWordPress Easy Cookie Law Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2023-37391MEDIUMWordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-32250MEDIUMWordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31388HIGHWordPress The World plugin <= 0.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-31382HIGHWordPress Language Field plugin <= 0.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-35554MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWEPSS 0.2%CVE-2025-31402HIGHWordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37240MEDIUMWordPress Falang multilanguage for WordPress plugin <= 1.3.51 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31395HIGHWordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%