Weaknesses of type CWE-352

5,729 results
CVE-2024-54393HIGHWordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-13260HIGHMigrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024EPSS 0.2%CVE-2024-2748MEDIUMCSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a userEPSS 0.2%CVE-2024-52420MEDIUMWordPress Disable Admin Notices individually plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-6755MEDIUMMitigation bypass in the DOM: postMessage componentEPSS 0.2%CVE-2024-3407MEDIUMWP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRFEPSS 0.2%CVE-2024-12383MEDIUMBinary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-13284HIGHGutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048EPSS 0.2%CVE-2024-12557MEDIUMTransporters.io <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-13244HIGHMigrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008EPSS 0.2%CVE-2025-48885MEDIUMapplication-urlshortener users can create arbitrary pages as long as they have view access to themEPSS 0.2%CVE-2024-2969MEDIUMWP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2024-13250HIGHDrupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014EPSS 0.2%CVE-2026-54359HIGHMISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by defaultEPSS 0.2%CVE-2024-54337HIGHWordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-29766MEDIUMTuleap has missing CSRF protections on artifact submission & edition from the tracker viewEPSS 0.2%CVE-2025-7330HIGHRockwell Automation 1783-NATR Cross-Site Request Forgery VulnerabilityEPSS 0.2%CVE-2025-24622MEDIUMWordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-32112MEDIUMWordPress Leadinfo plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-31943MEDIUMWordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%