Weaknesses of type CWE-352
5,711 resultsCVE-2024-53472HIGHWeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF).EPSS 0.3%CVE-2023-2277MEDIUMWP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitemEPSS 0.3%CVE-2020-36065HIGHCross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admiEPSS 0.3%CVE-2024-4929MEDIUMSourceCodester Simple Online Bidding System cross-site request forgeryEPSS 0.3%CVE-2022-2762MEDIUMAdminPad < 2.2 - Note Update via CSRFEPSS 0.3%CVE-2021-27758MEDIUMThere is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to loEPSS 0.3%CVE-2023-6196HIGHAudio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File UploadEPSS 0.3%CVE-2022-3154—Multiple Plugins from Viszt Peter - Multiple CSRFEPSS 0.3%CVE-2022-45130MEDIUMPlesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific vEPSS 0.3%CVE-2024-8490HIGHPropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_detailsEPSS 0.3%CVE-2022-2276—WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post DeletionEPSS 0.3%CVE-2022-29430MEDIUMWordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2023-2405MEDIUMCRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-2817MEDIUMTenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgeryEPSS 0.3%CVE-2024-5428MEDIUMSourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgeryEPSS 0.3%CVE-2020-14369—This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actEPSS 0.3%CVE-2024-26352HIGHflusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.phpEPSS 0.3%CVE-2023-49965MEDIUMSpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page.EPSS 0.3%CVE-2024-39680MEDIUMWordPress Cooked Plugin - Cross-Site Request Forgery to Default Recipe Template SaveEPSS 0.3%CVE-2022-36346MEDIUMWordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilitiesEPSS 0.3%