Weaknesses of type CWE-352
5,739 resultsCVE-2025-39442HIGHWordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-39455HIGHWordPress IP2Location Variables plugin <= 2.9.5 - CSRF to Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-54675MEDIUMWordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-28883HIGHWordPress WP Compare Tables plugin <= 1.0.5 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-66531MEDIUMWordPress Salon booking system plugin <= 10.30.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-39424HIGHWordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerabilityEPSS 0.1%CVE-2025-28922HIGHWordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-32655HIGHWordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-39440HIGHWordPress Broken Links Remover plugin <= 1.2.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-28923HIGHWordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-5923MEDIUMPoly Voice – Potential Unauthorized Modification of WebUI using CSRF AttackEPSS 0.1%CVE-2025-28894HIGHWordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-63952MEDIUMA Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarilyEPSS 0.1%CVE-2026-57751HIGHWordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-32546HIGHWordPress All push notification for WP Plugin <= 1.5.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-39419HIGHWordPress Revision Diet plugin <= 1.0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-39416HIGHWordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-36422MEDIUMIBM InfoSphere Information Server is vulnerable to cross-site request forgeryEPSS 0.1%CVE-2025-39417HIGHWordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-28931HIGHWordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%