Weaknesses of type CWE-352
5,733 resultsCVE-2024-43930MEDIUMWordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-30584HIGHWordPress AlphaOmega Captcha & Anti-Spam Filter plugin <= 3.3 - CSRF to Stored XSS VulnerabilityEPSS 0.2%CVE-2024-49340MEDIUMIBM Watson Studio Local cross-site request forgeryEPSS 0.2%CVE-2024-6405MEDIUMFloating Social Buttons <= 1.5 - Cross-Site Request ForgeryEPSS 0.2%CVE-2026-3772HIGHWP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File EditorEPSS 0.2%CVE-2026-7615MEDIUMWidget Context <= 1.3.3 - Cross-Site Request Forgery to Settings Update via 'wl' ParameterEPSS 0.2%CVE-2025-30577HIGHWordPress Browser Address Bar Color plugin <= 3.3 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.2%CVE-2024-20940MEDIUMVulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Supported EPSS 0.2%CVE-2025-31683MEDIUMGoogle Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012EPSS 0.2%CVE-2025-36375MEDIUMIBM DataPower Gateway vulnerable to CSRFEPSS 0.2%CVE-2023-42234MEDIUMPat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.EPSS 0.2%CVE-2025-31684MEDIUMOAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013EPSS 0.2%CVE-2020-10095HIGHVarious Lexmark devices have CSRF that allows an attacker to modify the configuration of the device.EPSS 0.2%CVE-2025-31601MEDIUMWordPress Appointy Appointment Scheduler plugin <= 4.2.1 - CSRF to Settings Change vulnerabilityEPSS 0.2%CVE-2024-43265MEDIUMWordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout VulnerabilityEPSS 0.2%CVE-2024-13304MEDIUMMinify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070EPSS 0.2%CVE-2025-62258HIGHCSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through upEPSS 0.2%CVE-2025-20326MEDIUMCisco Unified Communications Manager Cross-Site Request Forgery VulnerabilityEPSS 0.2%CVE-2024-37438MEDIUMWordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-6459HIGHAds Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Cross-Site Request Forgery to PHP Code Injection in bsaCreateAdTemplateEPSS 0.2%