Weaknesses of type CWE-352
5,730 resultsCVE-2026-11194MEDIUMInappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crEPSS 0.2%CVE-2024-55922MEDIUMCross-Site Request Forgery in Form Framework Module in TYPO3EPSS 0.2%CVE-2025-7835MEDIUMiThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-24724MEDIUMWordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2025-24720MEDIUMWordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2024-13523MEDIUMMemorialDay <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-21538MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2024-13683MEDIUMAutomate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status UpdateEPSS 0.2%CVE-2025-62797HIGHCSRF in FluxCP account endpoints allows account takeover / state-changing actionsEPSS 0.2%CVE-2025-22563MEDIUMWordPress Pretty Urls Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-40549MEDIUMCross-Site Request Forgery in SOPlanningEPSS 0.2%CVE-2024-35557MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=closeEPSS 0.2%CVE-2015-20113MEDIUMRealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting VulnerabilitiesEPSS 0.2%CVE-2025-66407MEDIUMWeblate has Server-Side Request Forgery vulnerabilityEPSS 0.2%CVE-2024-8120MEDIUMImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX ActionsEPSS 0.2%CVE-2026-24885MEDIUMKanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role AssignmentEPSS 0.2%CVE-2023-2447MEDIUMUserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information ExposureEPSS 0.2%CVE-2025-54598MEDIUMThe Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via EPSS 0.2%CVE-2026-4131MEDIUMWP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' ParameterEPSS 0.2%CVE-2026-1924MEDIUMAruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings ResetEPSS 0.2%