Weaknesses of type CWE-352

5,731 results
CVE-2025-23717HIGHWordPress Theme My Ontraport Smartform plugin <= 1.2.11 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32271MEDIUMWordPress Woocommerce Role Pricing Plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2018-25321MEDIUMTP-Link TL-WR720N CSRF via Administrative Interfaces (firmware V1_130719)EPSS 0.2%CVE-2025-31753MEDIUMWordPress Advanced Speed Increaser Plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37413MEDIUMWordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37458MEDIUMWordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28876MEDIUMWordPress Skrill Official plugin <= 1.0.66 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37104MEDIUMWordPress Chic Lite theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-25128HIGHWordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-46869MEDIUMVulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Dump and Load). Supported versions that are affected are 8.4.0-EPSS 0.2%CVE-2025-28862MEDIUMWordPress Comment Date and Gravatar remover plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37441MEDIUMWordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32269MEDIUMWordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2025-23720HIGHWordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-39645MEDIUMWordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-6396MEDIUMFast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX ActionEPSS 0.2%CVE-2025-32268MEDIUMWordPress QR Code Tag for WC plugin <= 1.9.42 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32272MEDIUMWordPress Wishlist plugin <= 1.0.46 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28856MEDIUMWordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28866MEDIUMWordPress Login Logger plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%