Weaknesses of type CWE-352

5,731 results
CVE-2026-1672MEDIUMBEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data ModificationEPSS 0.2%CVE-2024-45372MEDIUMMZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in EPSS 0.2%CVE-2024-37243MEDIUMWordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-30617MEDIUMA Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request thaEPSS 0.2%CVE-2025-60111HIGHWordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-36452LOWCross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unEPSS 0.2%CVE-2026-11083MEDIUMInappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin dataEPSS 0.2%CVE-2024-31251MEDIUMWordPress Community by PeepSo plugin <= 6.3.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-11134MEDIUMInappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2025-8479MEDIUMZoho Flow <= 2.14.1 - Cross-Site Request ForgeryEPSS 0.2%CVE-2026-6292MEDIUMMP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2018-25155MEDIUMTeradek Slice 7.3.15 Cross-Site Request Forgery via Password ChangeEPSS 0.2%CVE-2026-11200MEDIUMInappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a craEPSS 0.2%CVE-2026-11139MEDIUMInappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2024-11142HIGHCSRF in Gosoft Software's Proticaret E-CommerceEPSS 0.2%CVE-2024-12526MEDIUMArena.IM – Live Blogging for real-time events <= 0.4.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-60912LOWphpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php functEPSS 0.2%CVE-2024-37421MEDIUMWordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2021-47722MEDIUMZucchetti Axess CLOKI Access Control 1.64 Cross-Site Request ForgeryEPSS 0.2%CVE-2024-4499HIGHCSRF Vulnerability in parisneo/lollms XTTS ServerEPSS 0.2%