Weaknesses of type CWE-352
5,733 resultsCVE-2025-23694HIGHWordPress Shabbos and Yom Tov plugin <= 1.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23712HIGHWordPress Kapost plugin <= 2.2.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-41776MEDIUMIBM Cognos Controller cross-site request forgeryEPSS 0.2%CVE-2024-13405MEDIUMApptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address BlockEPSS 0.2%CVE-2025-23698HIGHWordPress WP Custom Google Search plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-24875MEDIUMSameSite Defense in Depth not applied for some cookies in SAP CommerceEPSS 0.2%CVE-2025-23702HIGHWordPress Anonymize Links plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-13774MEDIUMWishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scriping via Wishlist NameEPSS 0.2%CVE-2025-23690HIGHWordPress Book a Place plugin <= 0.7.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-40035MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.EPSS 0.2%CVE-2025-48099MEDIUMWordPress Search & Filter plugin <= 1.2.17 - Cross Site Request Forgery (CSRF) to Open Redirect vulnerabilityEPSS 0.2%CVE-2025-23710HIGHWordPress Flying Twitter Birds plugin <= 1.8 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23677HIGHWordPress HTTP to HTTPS link changer by Eyga.net plugin <= 0.2.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-48047MEDIUMWordPress Linked Variation for WooCommerce plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-56009MEDIUMCross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device viaEPSS 0.2%CVE-2025-25111MEDIUMWordPress WP Spell Check plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-13795MEDIUMEcwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation MessageEPSS 0.2%CVE-2026-34384MEDIUMAdmidio: Missing CSRF Protection on Registration Approval ActionsEPSS 0.2%CVE-2026-3857HIGHCross-Site Request Forgery (CSRF) in GitLabEPSS 0.2%CVE-2025-23693HIGHWordPress Secure CAPTCHA plugin <= 1.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%