Weaknesses of type CWE-352
5,743 resultsCVE-2025-10930MEDIUMCurrency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110EPSS 0.1%CVE-2026-0502MEDIUMCross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence PlatformEPSS 0.1%CVE-2025-49069MEDIUMWordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2024-54172MEDIUMIBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgeryEPSS 0.1%CVE-2026-41194MEDIUMFreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFableEPSS 0.1%CVE-2026-2723MEDIUMPost Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings UpdateEPSS 0.1%CVE-2025-64499MEDIUMTuleap is missing CSRF protections for its planning management APIEPSS 0.1%CVE-2025-53271HIGHWordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.1%CVE-2025-46495MEDIUMWordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerabilityEPSS 0.1%CVE-2026-48612HIGHImproper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s aEPSS 0.1%CVE-2026-22355HIGHWordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-53274HIGHWordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-7561MEDIUMTm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-62061MEDIUMWordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-6702MEDIUMPublish 2 Ping.fm <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpPingPingKey' ParameterEPSS 0.1%CVE-2026-8910MEDIUMWP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' ParameterEPSS 0.1%CVE-2026-44548HIGHChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)EPSS 0.1%CVE-2026-8906MEDIUMWP Promoter <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'popup_width' ParameterEPSS 0.1%CVE-2025-58272LOWCross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page creEPSS 0.1%CVE-2026-8907MEDIUMWP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' ParameterEPSS 0.1%