Weaknesses of type CWE-352
5,731 resultsCVE-2024-53713HIGHWordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-51658HIGHWordPress WP Course Manager plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-49294MEDIUMWordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-11014MEDIUMCross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and EPSS 0.2%CVE-2024-53714HIGHWordPress Continue Shopping From Cart plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-25769HIGHWangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.EPSS 0.2%CVE-2024-53710HIGHWordPress ITERAS plugin <= 1.8.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-51659HIGHWordPress Twitter @Anywhere Plus plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53711HIGHWordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53712HIGHWordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-55744HIGHCotonti CSRF in PFS allows forced arbitrary file uploadEPSS 0.2%CVE-2024-3593HIGHUberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings ResetEPSS 0.2%CVE-2024-31251MEDIUMWordPress Community by PeepSo plugin <= 6.3.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-12526MEDIUMArena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2018-25156MEDIUMTeradek Cube 7.3.6 Cross-Site Request Forgery Password ChangeEPSS 0.2%CVE-2021-47722MEDIUMZucchetti Axess CLOKI Access Control 1.64 Cross-Site Request ForgeryEPSS 0.2%CVE-2024-36452LOWCross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unEPSS 0.2%CVE-2026-11084MEDIUMInappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin dataEPSS 0.2%CVE-2025-8104MEDIUMMemory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin FunctionEPSS 0.2%CVE-2025-8479MEDIUMZoho Flow <= 2.14.1 - Cross-Site Request ForgeryEPSS 0.2%