Weaknesses of type CWE-352
5,736 resultsCVE-2026-24666MEDIUMOpen eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized ActionsEPSS 0.2%CVE-2025-9949MEDIUMInternal Links Manager <= 3.0.1 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-9948MEDIUMChat by Chatwee <= 2.1.3 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-9621MEDIUMWidgetPack Comment System <= 1.6.1 - Cross-Site Request ForgeryEPSS 0.2%CVE-2021-47946MEDIUMOpenCart 3.0.3.6 Account Takeover via Cross Site Request ForgeryEPSS 0.2%CVE-2025-9635MEDIUMAnalytics Reduce Bounce Rate <= 2.3 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-8102MEDIUMEasy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install FunctionsEPSS 0.2%CVE-2025-24537MEDIUMWordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-14167MEDIUMRemove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2024-11336MEDIUMClickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-25146MEDIUMWordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-9628MEDIUMThe integration of the AMO.CRM <= 1.0.1 - Cross-Site Request ForgeryEPSS 0.2%CVE-2026-3140MEDIUMUltimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/DeactivationEPSS 0.2%CVE-2025-9631MEDIUMAutoCatSet <= 2.1.4 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-9623MEDIUMAdmin in English with Switch <= 1.1 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-10498MEDIUMNinja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Limited File DeletionEPSS 0.2%CVE-2026-21430HIGHEmlog: CSRF chained with stored XSS leads to ATOEPSS 0.2%CVE-2025-42616HIGHCSRF vulnerability in CIRCL Vulnerability-LookupEPSS 0.2%CVE-2025-24538MEDIUMWordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-8491MEDIUMEasy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu UploadEPSS 0.2%