Weaknesses of type CWE-352
5,738 resultsCVE-2024-46872MEDIUMClient-Side Path Traversal Leading to CSRF in PlaybooksEPSS 0.1%CVE-2025-9632MEDIUMPhpList Subber <= 1.1 - Cross-Site Request ForgeryEPSS 0.1%CVE-2025-57927MEDIUMWordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2024-56232HIGHWordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-9880MEDIUMSide Slide Responsive Menu <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-27357MEDIUMWordPress Önceki Yazı Link Plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-46547MEDIUMIn Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XEPSS 0.1%CVE-2025-61547MEDIUMCross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76EPSS 0.1%CVE-2026-4590LOWkalcaddle kodbox loginSubmit API index.class.php cross-site request forgeryEPSS 0.1%CVE-2025-70811MEDIUMCross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control PanEPSS 0.1%CVE-2025-22705HIGHWordPress Disqus Popular Posts plugin <= 2.1.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-7965MEDIUMCBX Restaurant Booking <= 1.2.1 - Plugin Reset via CSRFEPSS 0.1%CVE-2025-12588MEDIUMUSB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2024-23736HIGHCross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/EPSS 0.1%CVE-2025-54033MEDIUMWordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-54536MEDIUMIn JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpointEPSS 0.1%CVE-2025-54528MEDIUMIn JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flowEPSS 0.1%CVE-2024-56218MEDIUMWordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-50179MEDIUMTuleap missing CSRF protection on tracker reports manipulationEPSS 0.1%CVE-2025-60645MEDIUMA Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET rEPSS 0.1%