Weaknesses of type CWE-352
5,731 resultsCVE-2020-37106MEDIUMBusiness Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)EPSS 0.2%CVE-2025-30923MEDIUMWordPress Gift Message for WooCommerce plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2022-40724MEDIUMCross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint.EPSS 0.2%CVE-2023-2447MEDIUMUserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information ExposureEPSS 0.2%CVE-2025-54598MEDIUMThe Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via EPSS 0.2%CVE-2026-4131MEDIUMWP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' ParameterEPSS 0.2%CVE-2025-23717HIGHWordPress Theme My Ontraport Smartform plugin <= 1.2.11 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37441MEDIUMWordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32273MEDIUMWordPress Freetobook Responsive Widget Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-6396MEDIUMFast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX ActionEPSS 0.2%CVE-2025-28868MEDIUMWordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37448MEDIUMWordPress OnePress theme <= 2.3.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28866MEDIUMWordPress Login Logger plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28859MEDIUMWordPress Maintenance Notice plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32270MEDIUMWordPress Broadstreet plugin <= 1.52.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2025-31880MEDIUMWordPress Pearl plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28862MEDIUMWordPress Comment Date and Gravatar remover plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37458MEDIUMWordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-23715HIGHWordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-34755MEDIUMWordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%