Fallos del tipo CWE-352
5733 resultadosCVE-2026-11106MEDIUMInappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2026-44342MEDIUMNew API CSRF in email and WeChat account binding endpointsEPSS 0.2%CVE-2026-6401MEDIUMBottom Bar <= 0.1.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-53483HIGHSecurePoll: Multiple admin actions vulnerable to Cross-Site Request ForgeryEPSS 0.2%CVE-2025-20322MEDIUMDenial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk EnterpriseEPSS 0.2%CVE-2025-24555HIGHWordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-12095HIGHSimple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request ApprovalEPSS 0.2%CVE-2024-27968HIGHWordPress Super Page Cache for Cloudflare plugin <= 4.7.5 - Cross Site Request Forgery (CSRF) to XSS vulnerabilityEPSS 0.2%CVE-2024-49274MEDIUMWordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30568MEDIUMWordPress Super Static Cache plugin <= 3.3.5 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-24561HIGHWordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-30526MEDIUMWordPress Typekit plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30745MEDIUMVulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported verEPSS 0.2%CVE-2021-47820MEDIUMUbee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-30764MEDIUMWordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.2%CVE-2025-30746MEDIUMVulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are EPSS 0.2%CVE-2025-9891MEDIUMUser Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin DeactivationEPSS 0.2%CVE-2023-45269MEDIUMWordPress Simple SEO Plugin <= 2.0.25 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-30460MEDIUMWordPress Tumult Hype Animations plugin <= 1.9.11 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30804MEDIUMWordPress wpShopGermany IT-RECHT KANZLEI plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%