Vulnerabilities (CVE)

Filtered by CWE-352
Total 7831 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-48243 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery. This issue affects reCAPTCHA for all: from n/a through 2.26.
CVE-2025-48238 2025-05-21 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit allows Stored XSS. This issue affects AWcode Toolkit: from n/a through 1.0.18.
CVE-2025-48342 2025-05-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce allows Cross Site Request Forgery. This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through 2.0.3.
CVE-2025-48284 2025-05-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For WooCommerce: from n/a through 2.6.40.
CVE-2025-48285 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage allows Cross Site Request Forgery. This issue affects Falang multilanguage: from n/a through 1.3.61.
CVE-2025-48265 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye Year Make Model Search for WooCommerce allows Cross Site Request Forgery. This issue affects Year Make Model Search for WooCommerce: from n/a through 1.0.11.
CVE-2025-48264 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia Product Code for WooCommerce allows Cross Site Request Forgery. This issue affects Product Code for WooCommerce: from n/a through 1.5.0.
CVE-2025-48344 2025-05-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in ed4becky Rootspersona allows Cross Site Request Forgery. This issue affects Rootspersona: from n/a through 3.7.5.
CVE-2025-48233 2025-05-21 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration allows Stored XSS. This issue affects Affiliates Manager Google reCAPTCHA Integration: from n/a through 1.0.6.
CVE-2025-48259 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España allows Cross Site Request Forgery. This issue affects WP Mapa Politico España: from n/a through 3.8.0.
CVE-2025-39351 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant WordPress allows Cross Site Request Forgery.This issue affects Grand Restaurant WordPress: from n/a through 7.0.
CVE-2025-39371 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description allows Cross Site Request Forgery.This issue affects Author Box Plugin With Different Description: from n/a through 1.3.5.
CVE-2025-39375 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Ashok G Easy Child Theme Creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through 1.3.1.
CVE-2025-43840 2025-05-21 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05.
CVE-2025-43835 2025-05-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov allows Cross Site Request Forgery.This issue affects wp-cyr-cho: from n/a through 0.1.
CVE-2025-47583 2025-05-21 N/A 5.4 MEDIUM
Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking system <= 10.16 versions.
CVE-2025-48340 2025-05-21 N/A 9.8 CRITICAL
Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation.This issue affects User Profile Meta Manager: from n/a through 1.02.
CVE-2025-39374 2025-05-21 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary allows Stored XSS.This issue affects Best Posts Summary: from n/a through 1.0.
CVE-2025-5033 2025-05-21 5.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-3119 1 Oauth Client Single Sign On Project 1 Oauth Client Single Sign On 2025-05-21 N/A 7.5 HIGH
The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address