Weaknesses of type CWE-352

5,738 results
CVE-2025-12588MEDIUMUSB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-7965MEDIUMCBX Restaurant Booking <= 1.2.1 - Plugin Reset via CSRFEPSS 0.1%CVE-2025-46249MEDIUMWordPress Simple calendar for Elementor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2016-20053MEDIUMRedaxo CMS 5.2 Cross-Site Request Forgery via users endpointEPSS 0.1%CVE-2025-22589HIGHWordPress Quote Tweet plugin <= 0.7 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-9946MEDIUMLockerPress – WordPress Security Plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-46243MEDIUMWordPress Recover abandoned cart for WooCommerce plugin <= 2.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-22814HIGHWordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-46245MEDIUMWordPress CM Ad Changer plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-46246MEDIUMWordPress CM Answers plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-24289HIGHA Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlierEPSS 0.1%CVE-2025-22325HIGHWordPress Autocompleter plugin <= 1.3.5.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-22328HIGHWordPress Elevio plugin <= 4.4.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-24434MEDIUMTenda AC7 Web Interface Lacks CSRF Protections for Admin ActionsEPSS 0.1%CVE-2026-10552MEDIUMBlue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' ParameterEPSS 0.1%CVE-2019-25259MEDIUMLeica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request ForgeryEPSS 0.1%CVE-2020-37241MEDIUMbloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user addEPSS 0.1%CVE-2025-22582HIGHWordPress Uptime Robot plugin <= 0.1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-22336HIGHWordPress Wizhi Multi Filters by Wenprise plugin <= 1.8.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2026-34171HIGHCoolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known valueEPSS 0.1%