Weaknesses of type CWE-352
5,730 resultsCVE-2024-35561MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.EPSS 0.2%CVE-2024-21202MEDIUMVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions thEPSS 0.2%CVE-2026-44364CRITICALmisp-modules website - Missing CSRF protection in the website home blueprintEPSS 0.2%CVE-2025-12535MEDIUMSureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce DistributionEPSS 0.2%CVE-2024-35684MEDIUMWordPress ElasticPress plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-38729MEDIUMWordPress MBE eShip plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-21044MEDIUMVulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versioEPSS 0.2%CVE-2024-7574MEDIUMChristmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-56015HIGHWordPress Tidy Up Plugin <= 1.3 - CSRF to Reflected Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-23649HIGHWordPress Auphonic Importer plugin <= 1.5.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23654HIGHWordPress Twitter Post plugin <= 0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23572HIGHWordPress UpDownUpDown plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-29929MEDIUMTuleap is missing CSRF protection on tracker hierarchy administrationEPSS 0.2%CVE-2026-22342HIGHWordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerabilityEPSS 0.2%CVE-2024-13511MEDIUMVariation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings ResetEPSS 0.2%CVE-2025-10377MEDIUMSystem Dashboard <= 2.8.20 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-31105HIGHWordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-9886MEDIUMTrinity Audio <= 5.20.2 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-23569HIGHWordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23661HIGHWordPress NV Slider plugin <= 1.6 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%