Weaknesses of type CWE-352
5,742 resultsCVE-2025-31460HIGHWordPress OmniLeads Scripts and Tags Manager plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-34382MEDIUMAdmidio: Missing CSRF Protection on Custom List Deletion in mylist_function.phpEPSS 0.1%CVE-2025-31922HIGHWordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-27659MEDIUMCSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpointEPSS 0.1%CVE-2025-54703MEDIUMWordPress Integrate Google Drive plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-49396HIGHNezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agentsEPSS 0.1%CVE-2025-31458HIGHWordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-57635MEDIUMWordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-62886HIGHWordPress Pricing Table builder plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-31435HIGHWordPress Microblog Poster plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-14976MEDIUMUser Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post DeletionEPSS 0.1%CVE-2025-31459HIGHWordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-31443HIGHWordPress KK I Like It plugin <= 1.7.5.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-13365MEDIUMWP Hallo Welt <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-62005HIGHWordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-31613HIGHWordPress AB Google Map Travel plugin <= 4.6 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-31616HIGHWordPress Varnish WordPress plugin <= 1.7 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-24554MEDIUMWordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-8417HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controllerEPSS 0.1%CVE-2025-12072MEDIUMDisable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration UpdateEPSS 0.1%