Weaknesses of type CWE-352
5,744 resultsCVE-2025-48309HIGHWordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-48311HIGHWordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-35266HIGHVulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit EPSS 0.1%CVE-2026-48147MEDIUMBudibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase WorkerEPSS 0.1%CVE-2025-62950MEDIUMWordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-66064MEDIUMWordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-34460MEDIUMNamelessMC: OAuth callback `state` is not validated, allowing login CSRF / session swappingEPSS 0.1%CVE-2026-40929MEDIUMWWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creatorsEPSS 0.1%CVE-2025-52789HIGHWordPress Lewe ChordPress plugin <= 4.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.1%CVE-2025-52784HIGHWordPress Bluff Post plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-52794HIGHWordPress Creative Contact Form plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-52793HIGHWordPress Esselink.nu Settings plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2022-47150MEDIUMWordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-62945HIGHWordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-52792HIGHWordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-12452MEDIUMVisit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-65203HIGHKeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directivEPSS 0.1%CVE-2025-58918MEDIUMWordPress Entrada theme <= 5.7.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-52783HIGHWordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-36018MEDIUMMultiple Vulnerabilities in IBM Concert Software.EPSS 0.1%