Fallos del tipo CWE-352

5729 resultados
CVE-2026-13952MEDIUMInappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data EPSS 0.2%CVE-2024-42606MEDIUMPligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1EPSS 0.2%CVE-2024-42603MEDIUMPligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearallEPSS 0.2%CVE-2024-33677MEDIUMWordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-26248MEDIUMThe Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., infEPSS 0.2%CVE-2024-31096MEDIUMWordPress Nictitate theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-31384MEDIUMWordPress Spa and Salon theme <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-31364MEDIUMWordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-31922MEDIUMWordPress Hosting Benchmark tool plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-31250MEDIUMWordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-32728MEDIUMWordPress Paid Membership Subscriptions plugin <= 2.11.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-12004MEDIUMWPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site ScriptingEPSS 0.2%CVE-2024-31428MEDIUMWordPress The Conference theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-31379MEDIUMWordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-32947MEDIUMWordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-27978MEDIUMNext.js: null origin can bypass Server Actions CSRF checksEPSS 0.2%CVE-2024-31305MEDIUMWordPress Transcoder plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-30541MEDIUMWordPress LWS Optimize plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-8505MEDIUM495300897 wx-shop cross-site request forgeryEPSS 0.2%CVE-2023-41864MEDIUMWordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%