Weaknesses of type CWE-352
5,729 resultsCVE-2025-24622MEDIUMWordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-64149MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an aEPSS 0.2%CVE-2024-55920MEDIUMCross-Site Request Forgery in Dashboard Module in TYPO3EPSS 0.2%CVE-2025-24739MEDIUMWordPress FluentSMTP plugin <= 2.2.80 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-34806MEDIUMWordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-54351HIGHWordPress Fancy Roller Scroller plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-1506MEDIUMWp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2024-54337HIGHWordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2024-34957MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.EPSS 0.2%CVE-2024-42792LOWA Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playEPSS 0.2%CVE-2025-29766MEDIUMTuleap has missing CSRF protections on artifact submission & edition from the tracker viewEPSS 0.2%CVE-2026-34228HIGHEmlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File WriteEPSS 0.2%CVE-2024-13518MEDIUMSimple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post EditingEPSS 0.2%CVE-2025-24647MEDIUMWordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-31943MEDIUMWordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-54226HIGHWordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-6401MEDIUMBottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-21526MEDIUMVulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web AccEPSS 0.2%CVE-2026-11106MEDIUMInappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2026-11270MEDIUMInappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data viEPSS 0.2%