Weaknesses of type CWE-352

5,733 results
CVE-2025-39547HIGHWordPress Internal Link Optimiser plugin <= 5.1.3 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2025-32497HIGHWordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32619HIGHWordPress KeyCAPTCHA plugin <= 2.5.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32610HIGHWordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32597HIGHWordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-29722MEDIUMA CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue EPSS 0.2%CVE-2024-40038MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=revEPSS 0.2%CVE-2025-32591HIGHWordPress WP Abstracts Plugin <= 2.7.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-13438MEDIUMPage Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title ModificationEPSS 0.2%CVE-2025-32612HIGHWordPress User Session Synchronizer plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-40925HIGHWWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP CredentialsEPSS 0.2%CVE-2025-32563HIGHWordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32502HIGHWordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32584HIGHWordPress Chat2 plugin <= 4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32623HIGHWordPress PlainInventory plugin <= 3.1.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-3193LOWChia Blockchain send_transaction cross-site request forgeryEPSS 0.2%CVE-2025-32555HIGHWordPress SEO, Nutrition and Print for Recipes by Edamam plugin <= 3.3 - CSRF to Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2023-50931HIGHAn issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settiEPSS 0.2%CVE-2025-70062MEDIUMPHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The applicEPSS 0.2%CVE-2024-42768MEDIUMA Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.EPSS 0.2%