Weaknesses of type CWE-352
5,736 resultsCVE-2024-53729HIGHWordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-5932MEDIUMHomerunner <= 1.0.30 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2026-9674MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failEPSS 0.2%CVE-2024-53781HIGHWordPress SpatialMatch IDX plugin <= 3.0.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53779HIGHWordPress Yahoo! WebPlayer plugin <= 2.0.6 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-54022MEDIUMWordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2024-51688HIGHWordPress FraudLabs Pro SMS Verification plugin <= 1.10.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53780HIGHWordPress Load More Posts plugin <= 1.5.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-42504MEDIUMHPE IceWall Agent products, Cross-Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-43301HIGHWordPress Fonts plugin <= 3.7.7 - Cross Site Request Forgery (CSRF) to Stored XSSvulnerabilityEPSS 0.2%CVE-2024-53769HIGHWordPress Custom Post Type to Map Store plugin <= 1.1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53765HIGHWordPress Mins To Read plugin <= 1.2.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-11155MEDIUMInappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafteEPSS 0.2%CVE-2024-53777HIGHWordPress Simple Header and Footer plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-57290MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwEPSS 0.2%CVE-2026-40325HIGHMasa CMS CSRF in content restoration allows unauthorized restoration of deleted contentEPSS 0.2%CVE-2026-3140MEDIUMUltimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/DeactivationEPSS 0.2%CVE-2025-14167MEDIUMRemove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-24537MEDIUMWordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-9635MEDIUMAnalytics Reduce Bounce Rate <= 2.3 - Cross-Site Request ForgeryEPSS 0.2%