Weaknesses of type CWE-352

5,733 results
CVE-2025-29722MEDIUMA CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue EPSS 0.2%CVE-2025-32610HIGHWordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32616HIGHWordPress Nimbata Call Tracking plugin <= 1.7.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32497HIGHWordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32623HIGHWordPress PlainInventory plugin <= 3.1.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2023-50931HIGHAn issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settiEPSS 0.2%CVE-2025-32481HIGHWordPress Nino Social Connect plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32556HIGHWordPress Simple Post Meta Manager Plugin <= 1.0.9 - CSRF to Reflected Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-32505HIGHWordPress MultiMailer plugin <= 1.0.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-13438MEDIUMPage Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title ModificationEPSS 0.2%CVE-2025-32502HIGHWordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32597HIGHWordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2026-40925HIGHWWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP CredentialsEPSS 0.2%CVE-2025-32482HIGHWordPress Custom Smilies plugin <= 1.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-59148HIGHMockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret theftEPSS 0.2%CVE-2025-32563HIGHWordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32575HIGHWordPress WP w3all phpBB Plugin <= 2.9.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32591HIGHWordPress WP Abstracts Plugin <= 2.7.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32498HIGHWordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-36960HIGHA Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device doesEPSS 0.2%