Weaknesses of type CWE-352

5,738 results
CVE-2018-25327MEDIUMJoomla! Component Js Jobs 1.2.0 Cross-Site Request ForgeryEPSS 0.1%CVE-2025-55744MEDIUMUnoPim vulnerable to CSRF on Product edit feature and creation of other typesEPSS 0.1%CVE-2026-27609HIGHParse Dashboard Missing CSRF Protection on Agent EndpointEPSS 0.1%CVE-2026-39640CRITICALWordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerabilityEPSS 0.1%CVE-2026-39617CRITICALWordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerabilityEPSS 0.1%CVE-2024-53750HIGHWordPress PayPal Responder plugin <= 1.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-23446HIGHWordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2026-27741MEDIUMBludit <= 3.16.1 CSRF in Plugin and Theme Management EndpointsEPSS 0.1%CVE-2025-46743MEDIUMCross-Site Request ForgeryEPSS 0.1%CVE-2025-28857HIGHWordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2024-53755HIGHWordPress Third Party Cookie Eraser plugin <= 1.0.2 - CSRF to Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2026-39621HIGHWordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerabilityEPSS 0.1%CVE-2024-53753HIGHWordPress CultBooking Hotel Booking Engine plugin <= 2.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-47546HIGHWordPress WP Compress plugin <= 6.30.30 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-49895MEDIUMWordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerabilityEPSS 0.1%CVE-2025-68052HIGHWordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-28860HIGHWordPress Google News Editors Picks Feed Generator plugin <= 2.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-14873MEDIUMLatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request ForgeryEPSS 0.1%CVE-2025-28897HIGHWordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-39620CRITICALWordPress Appointment theme <= 3.5.5 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerabilityEPSS 0.1%