Weaknesses of type CWE-352
5,733 resultsCVE-2024-34807MEDIUMWordPress Fast Custom Social Share by CodeBard plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2020-37026MEDIUMSickbeard 0.1 - Cross-Site Request ForgeryEPSS 0.2%CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.phpEPSS 0.2%CVE-2024-38789MEDIUMWordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-4499HIGHCSRF Vulnerability in parisneo/lollms XTTS ServerEPSS 0.2%CVE-2025-24636HIGHWordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-62245MEDIUMCross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023EPSS 0.2%CVE-2025-27912HIGHAn issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID CoEPSS 0.2%CVE-2020-37144MEDIUMExagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)EPSS 0.2%CVE-2024-56251MEDIUMWordPress Event Espresso plugin <= 5.0.28.decaf - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-38764MEDIUMWordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-39512MEDIUMWordPress Bulk Term Editor plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-8420MEDIUMBLOGCHAT Chat System <= 1.3.6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings UpdateEPSS 0.2%CVE-2024-43336MEDIUMWordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37931MEDIUMWordPress Point theme <= 1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-1320MEDIUMteachPress <= 9.0.9 - Cross-Site Request Forgery to Import DeleteEPSS 0.2%CVE-2026-6391MEDIUMSentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page ParametersEPSS 0.2%CVE-2026-13944LOWInappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user tEPSS 0.2%CVE-2026-27146HIGHGetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary UploadsEPSS 0.2%CVE-2024-38731MEDIUMWordPress i-amaze theme <= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%