Fallos del tipo CWE-352

5733 resultados
CVE-2025-30856MEDIUMWordPress Custom Field For WP Job Manager plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31399HIGHWordPress CG Scroll To Top plugin <= 3.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32477HIGHWordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37540MEDIUMWordPress Leaky Paywall plugin <= 4.21.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31026HIGHWordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32478HIGHWordPress WP SexyLightBox plugin <= 0.5.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-8891MEDIUMOceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin InstallationEPSS 0.2%CVE-2025-31391HIGHWordPress Script Compressor plugin <= 1.7.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37518MEDIUMWordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-37391MEDIUMWordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-32250MEDIUMWordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-34756MEDIUMWordPress Integration for HubSpot and Contact Form 7 plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-31032HIGHWordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-12279MEDIUMWP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site ScriptingEPSS 0.2%CVE-2025-32480HIGHWordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2018-25336MEDIUMjCart for OpenCart 2.3.0.2 Cross-Site Request ForgeryEPSS 0.2%CVE-2023-25697MEDIUMWordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change VulnerabilityEPSS 0.2%CVE-2024-37491MEDIUMWordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-48057MEDIUMlocalai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it canEPSS 0.2%CVE-2024-38753MEDIUMWordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%