Weaknesses of type CWE-352
5,738 resultsCVE-2026-30868MEDIUMCross-Site Request Forgery (CSRF) in opnsense/coreEPSS 0.1%CVE-2026-40883MEDIUMgoshs: CSRF in state-changing GET routes enables authenticated file deletion and directory creationEPSS 0.1%CVE-2025-9892MEDIUMRestrict User Registration <= 1.0.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-28861HIGHWordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2024-53754HIGHWordPress Out Of Stock Badge plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-39619CRITICALWordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerabilityEPSS 0.1%CVE-2024-13261LOWAcquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025EPSS 0.1%CVE-2025-12401MEDIUMLabel Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-7669MEDIUMAvishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-3284MEDIUMUser Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User DeletionEPSS 0.1%CVE-2025-69634CRITICALCross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field EPSS 0.1%CVE-2025-12415MEDIUMMapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site ScriptingEPSS 0.1%CVE-2026-57759HIGHWordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerabilityEPSS 0.1%CVE-2025-46251HIGHWordPress VikRestaurants Table Reservations and Take-Away plugin <= 1.3.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-12410MEDIUMSH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-60535HIGHA Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary opeEPSS 0.1%CVE-2026-8409LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/deleteEPSS 0.1%CVE-2026-25812CRITICALPlaciPy is Missing CSRF Protection on State-Changing EndpointsEPSS 0.1%CVE-2020-36918MEDIUMiDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User ManagementEPSS 0.1%CVE-2025-12400MEDIUMLMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%