Fallos del tipo CWE-352

5731 resultados
CVE-2025-23804HIGHWordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2023-51521MEDIUMWordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-21032MEDIUMVulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versioEPSS 0.2%CVE-2025-30541MEDIUMWordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30538MEDIUMWordPress Simple Optimizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-4301MEDIUMCSRF vulnerability in Fortify Plugin allow capturing credentialsEPSS 0.2%CVE-2024-35550MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.EPSS 0.2%CVE-2024-11813MEDIUMPulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2024-0511MEDIUMRoyal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via wpr_update_form_action_metaEPSS 0.2%CVE-2023-50858MEDIUMWordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-26351MEDIUMflusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.phpEPSS 0.2%CVE-2024-43287MEDIUMWordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-39157LOWidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&datEPSS 0.2%CVE-2024-43116MEDIUMWordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-39156LOWidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.EPSS 0.2%CVE-2026-46785CRITICALVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.2%CVE-2024-43325MEDIUMWordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerabilityEPSS 0.2%CVE-2024-12280MEDIUMWP Customer Area <= 8.2.4 - Event Log Deletion via CSRFEPSS 0.2%CVE-2023-6984MEDIUMPowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-49896MEDIUMWordPress WP Discord Post Plus – Supports Unlimited Channels plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%