Weaknesses of type CWE-352

5,733 results
CVE-2024-43356MEDIUMWordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerabilityEPSS 0.2%CVE-2024-43295MEDIUMWordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43299MEDIUMWordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-52388HIGHWordPress Hebrew Date plugin <= 2.1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-8426HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF on prepare_remote_upgrade() leading to one-request RCE via package overwriteEPSS 0.2%CVE-2025-22555HIGHWordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-47701HIGHRestrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047EPSS 0.2%CVE-2025-22559HIGHWordPress TubePress.NET Plugin <= 4.0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-8421HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF on install_package() with conditional token bypass leading to RCEEPSS 0.2%CVE-2024-37925MEDIUMWordPress BuddyBoss Theme theme <= 2.4.61 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-22571HIGHWordPress Instabot plugin <= 1.10 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-52835CRITICALWordPress WING WordPress Migrator plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-22556HIGHWordPress Norse Rune Oracle plugin <= 1.4.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-47708HIGHEnterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054EPSS 0.2%CVE-2025-36728MEDIUMSimpleHelp Cross Site Request ForgeryEPSS 0.2%CVE-2025-22557HIGHWordPress News Publisher Autopilot plugin <= 2.1.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-52421HIGHWordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-22590HIGHWordPress Prayer Times Anywhere plugin <= 2.0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-51157MEDIUM07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.htEPSS 0.2%CVE-2025-25093MEDIUMWordPress Child Themes Helper plugin <= 2.2.7 - CSRF to Arbitrary File Deletion vulnerabilityEPSS 0.2%