CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,119 vulnerabilities with CWE-352
CVE-2026-39710
MEDIUM
WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 5.4
CVE-2026-39671
HIGH
WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 7.1
CVE-2026-39641
MEDIUM
WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 6.5
CVE-2026-39640
CRITICAL
WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability
CVSS 9.6
CVE-2026-39635
MEDIUM
WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 5.4
CVE-2026-39634
MEDIUM
WordPress Grand Portfolio theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 5.4
CVE-2026-39633
MEDIUM
WordPress Grand Car Rental theme <= 3.6.9 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 6.5
CVE-2026-39632
MEDIUM
WordPress Grand Blog theme <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 6.5
CVE-2026-39621
HIGH
WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability
CVSS 8.8
CVE-2026-39620
CRITICAL
WordPress Appointment theme <= 3.5.5 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability
CVSS 9.6
CVE-2026-39619
CRITICAL
WordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability
CVSS 9.6
CVE-2026-39618
MEDIUM
WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 4.3
CVE-2026-39617
CRITICAL
WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability
CVSS 9.6
CVE-2026-39603
MEDIUM
WordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 5.4
CVE-2026-4141
MEDIUM
Quran Translations <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form
CVSS 4.3
CVE-2026-3499
HIGH
Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce 13.4.6 - 13.5.2.1 - Cross-Site Request Forgery to Multiple Administrative Actions
CVSS 8.8
CVE-2026-4401
MEDIUM
Download Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and Disabling
CVSS 5.4
CVE-2026-39371
HIGH
RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests
CVSS 8.1
CVE-2026-34904
HIGH
WordPress Simple Social Media Share Buttons plugin <= 6.2.0 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 7.5
CVE-2026-34896
HIGH
WordPress Under Construction, Coming Soon & Maintenance Mode plugin <= 2.1.1 - Cross Site Request Forgery (CSRF) vulnerability
CVSS 7.5
CVE-2026-35181
MEDIUM
WWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.php
CVSS 4.3
CVE-2026-35180
MEDIUM
WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write
CVSS 4.3
CVE-2026-5624
MEDIUM
ProjectSend upload.php cross-site request forgery
CVSS 4.3
CVE-2026-5572
MEDIUM
Technostrobe HI-LED-WR120-G2 cross-site request forgery
CVSS 4.3
CVE-2026-34228
MEDIUM
Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write
CVSS 6.5
Details
Vulnerabilities: 9,119
Exploit Likelihood: Medium