Weaknesses of type CWE-352
5,729 resultsCVE-2021-35486HIGHA Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import anEPSS 0.2%CVE-2026-54220HIGHCross-Site Request Forgery in UBB.threadsEPSS 0.2%CVE-2023-4000MEDIUMWaiting: One-click countdowns <= 0.6.2 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-57902MEDIUMWordPress RIS Version Switcher – Downgrade or Upgrade WP Versions Easily Plugin <= 1.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2023-3409MEDIUMBricks <= 1.8.1 - Cross-Site Request Forgery via reset_settingsEPSS 0.2%CVE-2026-11106MEDIUMInappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2024-26450MEDIUMAn issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a CrossEPSS 0.2%CVE-2025-53483HIGHSecurePoll: Multiple admin actions vulnerable to Cross-Site Request ForgeryEPSS 0.2%CVE-2024-2964MEDIUMPocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2024-27194HIGHWordPress Fontific plugin <= 0.1.6 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2025-21507MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2024-37774HIGHA Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing anEPSS 0.2%CVE-2026-9486MEDIUMSourceCodester Student Grades Management System cross-site request forgeryEPSS 0.2%CVE-2026-6401MEDIUMBottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-22347HIGHWordPress BSK Forms Blacklist plugin <= 3.9 - CSRF to SQL Injection vulnerabilityEPSS 0.2%CVE-2024-52479MEDIUMWordPress Jobify plugin < 4.3.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30764MEDIUMWordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2026-31016MEDIUMCross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via tEPSS 0.2%CVE-2024-30460MEDIUMWordPress Tumult Hype Animations plugin <= 1.9.11 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-9891MEDIUMUser Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin DeactivationEPSS 0.2%