CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,302 vulnerabilities with CWE-352
CVE-2026-7533
MEDIUM
Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter
CVSS 4.3
CVE-2026-48147
MEDIUM
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
CVSS 6.5
CVE-2026-9674
MEDIUM
Jenkins Multijob Plugin < 662.vd2e0001f6b_b_d - Cross-Site Request Forgery (CSRF)
CVSS 4.3
CVE-2026-48925
MEDIUM
Jenkins GitHub Integration Plugin < 0.7.3 - Cross-Site Request Forgery (CSRF)
CVSS 4.3
CVE-2026-30498
MEDIUM
Jason2605 AdminPanel 4.0 - Cross-Site Request Forgery via delete.php Endpoint
CVSS 6.3
CVE-2026-8942
MEDIUM
MetaMagic SEO Plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page
CVSS 4.3
CVE-2026-8906
MEDIUM
WP Promoter <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'popup_width' Parameter
CVSS 6.1
CVE-2026-49001
MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in ZTE ZXUniPOS NDS-LTE product
CVSS 5.3
CVE-2026-8943
MEDIUM
GoStats for WordPress <= 1.4 - Cross-Site Request Forgery via gostats_manage() Function
CVSS 4.3
CVE-2026-8941
MEDIUM
CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update
CVSS 4.3
CVE-2026-8939
MEDIUM
Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update
CVSS 4.3
CVE-2026-8938
MEDIUM
auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass
CVSS 4.3
CVE-2026-8911
MEDIUM
WP AutoBuzz <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'googleAccount' Parameter
CVSS 6.1
CVE-2026-8903
MEDIUM
Two-factor authentication (formerly IP Vault) <= 2.1 - Cross-Site Request Forgery to Settings Update
CVSS 4.3
CVE-2026-8708
MEDIUM
Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page
CVSS 4.3
CVE-2026-7614
MEDIUM
Old Posts Highlighter <= 1.0.3 - Cross-Site Request Forgery to Settings Update
CVSS 4.3
CVE-2026-9236
MEDIUM
CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management
CVSS 4.3
CVE-2026-9582
MEDIUM
SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site request forgery
CVSS 4.3
CVE-2026-35220
MEDIUM
Joomla! Core - [20260505] - CSRF in user activation endpoint
CVSS 4.3
CVE-2026-46620
MEDIUM
e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()
CVSS 6.5
CVE-2026-8174
MEDIUM
Zohocorp Zoho Mail wordpress plugin - Cross-Site Request Forgery
CVSS 5.7
CVE-2026-39436
HIGH
WordPress CformsII plugin <= 15.1.3 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 7.1
CVE-2026-24554
MEDIUM
WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 4.3
CVE-2026-24597
MEDIUM
WordPress Organization chart plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 4.3
CVE-2026-24574
MEDIUM
WordPress Export WP Page to Static HTML/CSS plugin <= 6.0.0 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 6.5