CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,119 vulnerabilities with CWE-352
CVE-2026-22215
MEDIUM
wpDiscuz <7.6.47 - CSRF
CVSS 4.3
CVE-2026-22202
HIGH
wpDiscuz <7.6.47 - CSRF
CVSS 8.1
CVE-2026-31954
NONE
Emlog <=2.6.6 - CSRF
CVE-2026-30868
MEDIUM
OPNsense <26.1.4 - CSRF
CVSS 6.3
CVE-2026-3903
MEDIUM
Modular DS WordPress Plugin <2.5.1 - CSRF
CVSS 4.3
CVE-2026-2626
HIGH
Divi-Booster <5.0.2 - CSRF & Object Injection
CVSS 8.1
CVE-2026-2324
MEDIUM
LatePoint Calendar Booking Plugin <5.2.7 - CSRF
CVSS 6.1
CVE-2026-29113
MEDIUM
Craft CMS <4.17.4/5.9.7 - CSRF
CVSS 4.3
CVE-2026-28495
CRITICAL
GetSimple CMS 3.3.22 - CSRF to RCE
CVSS 9.6
CVE-2026-28281
HIGH
InstantCMS <2.18.1 - CSRF
CVSS 7.1
CVE-2026-1508
MEDIUM
Court Reservation <1.10.9 - CSRF
CVSS 4.3
CVE-2026-3770
MEDIUM
SourceCodester CLMS 1.0 - CSRF
CVSS 4.3
CVE-2026-29784
HIGH
Ghost 5.101.6-6.19.2 - CSRF
CVSS 7.5
CVE-2026-1087
MEDIUM
Guardian News Feed Plugin <1.2 - CSRF
CVSS 4.3
CVE-2026-1086
MEDIUM
WordPress Font Pairing Preview - CSRF
CVSS 4.3
CVE-2026-1085
MEDIUM
True Ranker WordPress Plugin <2.2.9 - CSRF
CVSS 4.3
CVE-2026-1073
MEDIUM
Purchase Button For Affiliate Link <1.0.2 - CSRF
CVSS 4.3
CVE-2026-2494
MEDIUM
ProfileGrid WordPress Plugin <=5.9.8.2 - CSRF
CVSS 4.3
CVE-2026-1644
MEDIUM
WP Frontend Profile <1.3.8 - CSRF
CVSS 4.3
CVE-2026-1468
MEDIUM
QuickCMS - CSRF
CVE-2026-3589
HIGH
WooCommerce 5.4.0-10.5.2 - CSRF
CVSS 7.5
CVE-2026-1128
MEDIUM
WP eCommerce WordPress Plugin <3.15.1 - CSRF
CVSS 4.3
CVE-2026-29084
MEDIUM
Gokapi <2.2.3 - CSRF
CVSS 4.6
CVE-2026-28477
HIGH
OpenClaw <2026.2.14 - Auth Bypass
CVSS 7.1
CVE-2026-30793
CRITICAL
RustDesk Client <=1.4.5 - CSRF to Privilege Escalation
CVSS 9.8
Details
Vulnerabilities
9,119
Exploit Likelihood
Medium