Weaknesses of type CWE-352
5,733 resultsCVE-2024-11341MEDIUMSimple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site RedirectEPSS 0.2%CVE-2024-52477HIGHWordPress Document & Data Automation plugin <= 1.6.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53722HIGHWordPress Favicon My Blog plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-40309HIGHMasa CMS CSRF in trash management allows unauthorized permanent deletion of deleted contentEPSS 0.2%CVE-2025-47462HIGHWordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerabilityEPSS 0.2%CVE-2024-9588MEDIUMCategory and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/DeleteEPSS 0.2%CVE-2024-8477MEDIUMNewsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.87 - Cross-Site Request ForgeryEPSS 0.2%CVE-2026-40174HIGHMasa CMS CSRF in user address management allows unauthorized address changesEPSS 0.2%CVE-2026-40458HIGHCross-Site Request Forgery in PAC4JEPSS 0.2%CVE-2024-31613MEDIUMBOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code."EPSS 0.2%CVE-2026-41317MEDIUMFrappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generationEPSS 0.2%CVE-2026-2112MEDIUMDam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment DeletionEPSS 0.2%CVE-2025-32280MEDIUMWordPress WP Project Manager plugin < 2.6.25 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-7379MEDIUMA security bypass vulnerability was found in DataSync Center installed on ADMEPSS 0.2%CVE-2025-1382MEDIUMContact Us By Lord Linus <= 2.6 - Admin+ Stored XSS via CSRFEPSS 0.2%CVE-2026-3499HIGHProduct Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce 13.4.6 - 13.5.2.1 - Cross-Site Request Forgery to Multiple Administrative ActionsEPSS 0.2%CVE-2026-42091MEDIUMgoshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORSEPSS 0.2%CVE-2025-14266LOWCSRF in Ercom Cryptobox administration consoleEPSS 0.2%CVE-2026-42286HIGHEmlog: Cross-Site Request Forgery in Admin FunctionsEPSS 0.2%CVE-2024-5596MEDIUMARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functionsEPSS 0.2%