Fallos del tipo CWE-352
5728 resultadosCVE-2024-51657HIGHWordPress SmartLink Dynamic URLs plugin <= 1.1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37306HIGHCVAT's export and backup-related API endpoints are susceptible to CSRFEPSS 0.2%CVE-2024-51656HIGHWordPress Flash Show And Hide Box plugin <= 1.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2023-5534MEDIUMAI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actionsEPSS 0.2%CVE-2024-51648HIGHWordPress e-shops plugin 1.0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-24568MEDIUMWordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-32105MEDIUMWordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-39155MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.EPSS 0.2%CVE-2025-24696MEDIUMWordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-27012HIGHWordPress A1POST.BG Shipping for Woo plugin <= 1.5 - CSRF to Privilege Escalation vulnerabilityEPSS 0.2%CVE-2024-12554MEDIUMPeter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post FunctionEPSS 0.2%CVE-2024-28429MEDIUMDedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.phpEPSS 0.2%CVE-2025-7690MEDIUMAffiliate Plus <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-41795MEDIUMA vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable EPSS 0.2%CVE-2023-7273MEDIUMCross Site Request Forgery in Kiteworks OwnCloudEPSS 0.2%CVE-2025-32547HIGHWordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerabilityEPSS 0.2%CVE-2023-50886MEDIUMWordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-27910HIGHtianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allowsEPSS 0.2%CVE-2024-4100MEDIUMPricing Table <= 2.0.1 - Cross-Site Request Forgery via ajax()EPSS 0.2%CVE-2024-52451HIGHWordPress Post Ideas plugin <= 2 - CSRF to SQL Injection vulnerabilityEPSS 0.2%