Weaknesses of type CWE-352
5,739 resultsCVE-2025-58878MEDIUMWordPress Woocommerce Gifts Product Plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-25135HIGHWordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-25152HIGHWordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-25140HIGHWordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-13685MEDIUMPhoto Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk ActionsEPSS 0.1%CVE-2025-25153HIGHWordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-62771HIGHMercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.EPSS 0.1%CVE-2026-11148MEDIUMInappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin daEPSS 0.1%CVE-2026-40471CRITICALHackage CSRF vulnerabilityEPSS 0.1%CVE-2025-2797MEDIUMWoffice Core <= 5.4.21 - Cross-Site Request Forgery to User Registration ApprovalEPSS 0.1%CVE-2025-12416MEDIUMPagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2024-30154MEDIUMHCL SX is susceptible to a Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-9617MEDIUMPublish approval <= 1.1 - Cross-Site Request ForgeryEPSS 0.1%CVE-2025-25154HIGHWordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-25139HIGHWordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-25071HIGHWordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-22637MEDIUMWordPress Print PDF Generator and Publisher plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-30986MEDIUMWordPress Elite Video Player plugin <= 10.0.5 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-62009MEDIUMWordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2018-25152MEDIUMEcessa Edge EV150 10.7.4 Cross-Site Request Forgery via User ConfigurationEPSS 0.1%