Weaknesses of type CWE-352
5,738 resultsCVE-2016-20053MEDIUMRedaxo CMS 5.2 Cross-Site Request Forgery via users endpointEPSS 0.1%CVE-2026-34171HIGHCoolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known valueEPSS 0.1%CVE-2025-22343HIGHWordPress wpSOL plugin <= 1.2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-22589HIGHWordPress Quote Tweet plugin <= 0.7 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-24289HIGHA Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlierEPSS 0.1%CVE-2025-22342HIGHWordPress WP Simple Sitemap plugin <= 0.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-43985HIGHTaultulli has CSRF in /configUpdate via missing anti-CSRF and method restriction that allows admin credential takeoverEPSS 0.1%CVE-2025-53314CRITICALWordPress WP Optimizer plugin <= 2.5.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2019-25259MEDIUMLeica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request ForgeryEPSS 0.1%CVE-2025-27353MEDIUMWordPress Namaste! LMS Plugin <= 2.6.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-27342MEDIUMWordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-32276MEDIUMWordPress Administrator Z plugin <= 2026.03.02 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-27851CRITICALThe locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses,EPSS 0.1%CVE-2025-27339MEDIUMWordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2018-25334MEDIUMZechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameterEPSS 0.1%CVE-2025-32282MEDIUMWordPress ShareThis Dashboard for Google Analytics plugin <= 3.2.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-8911MEDIUMWP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' ParameterEPSS 0.1%CVE-2026-9724MEDIUMMotorDesk <= 1.1.2 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-32264MEDIUMWordPress UltraAddons – Elementor Addons plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-31888MEDIUMWordPress WP Multi Store Locator Plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%