Weaknesses of type CWE-352
5,733 resultsCVE-2025-28884MEDIUMWordPress WP Bulk Post Duplicator plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-58856MEDIUMWordPress Woocommerce Notify Updated Product Plugin <= 1.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-28927MEDIUMWordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-22297MEDIUMWordPress AI WP Writer plugin <= 3.8.4.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28887MEDIUMWordPress Plugins Last Updated Column plugin <= 0.1.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43339MEDIUMWordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-23617HIGHWordPress Floatbox Plus plugin <= 1.4.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-27316MEDIUMWordPress JPG, PNG Compression and Optimization Plugin <= 1.7.35 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-0808MEDIUMHouzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export DeletionEPSS 0.2%CVE-2024-49629HIGHWordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-28940MEDIUMWordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-27290MEDIUMWordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-24408NONEsigstore has CSRF possibility in OIDC authentication during signingEPSS 0.2%CVE-2025-57946MEDIUMWordPress payOS plugin <= 1.0.73 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-6589MEDIUMComfyUI server.py create_origin_only_middleware cross-site request forgeryEPSS 0.2%CVE-2024-38776HIGHWordPress WP GoToWebinar plugin <= 15.7 - CSRF to XSS vulnerabilityEPSS 0.2%CVE-2025-53451MEDIUMWordPress Mihdan: No External Links Plugin <= 5.1.6.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-48341LOWdingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShopEPSS 0.2%CVE-2025-28886MEDIUMWordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28902MEDIUMWordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%