Weaknesses of type CWE-352

5,743 results
CVE-2025-12069MEDIUMWP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options UpdateEPSS 0.1%CVE-2026-34904HIGHWordPress Simple Social Media Share Buttons plugin <= 6.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2021-41074MEDIUMA CSRF issue in index.php in QloApps hotel eCommerce 1.5.1 allows an attacker to change the admin's email address via a crafted HTML documenEPSS 0.1%CVE-2025-12072MEDIUMDisable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration UpdateEPSS 0.1%CVE-2026-8417HIGHConcrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controllerEPSS 0.1%CVE-2025-48357MEDIUMWordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerabilityEPSS 0.1%CVE-2025-10691MEDIUMEasy Email Subscription <= 1.3 - Cross-Site Request Forgery to Arbitrary Subscriber DeletionEPSS 0.1%CVE-2025-12132MEDIUMWP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-12188MEDIUMPosts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2026-24597MEDIUMWordPress Organization chart plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-49865MEDIUMWordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-53568MEDIUMWordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-69238MEDIUMCross-Site Request Forgery in Raytha CMSEPSS 0.1%CVE-2025-52711MEDIUMWordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-10930MEDIUMCurrency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110EPSS 0.1%CVE-2026-45430HIGHThe Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow agaEPSS 0.1%CVE-2025-49856MEDIUMWordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.1%CVE-2025-46257MEDIUMWordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-10188MEDIUMThe Hack Repair Guy's Plugin Archiver <= 2.0.4 - Cross-Site Request Forgery to Arbitrary Directory Deletion in /wp-contentEPSS 0.1%CVE-2025-49069MEDIUMWordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%