Fallos del tipo CWE-352

5733 resultados
CVE-2025-30585MEDIUMWordPress Generate Post Thumbnails plugin <= 0.8 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-24561HIGHWordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-30805MEDIUMWordPress Flexible Cookies plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30746MEDIUMVulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are EPSS 0.2%CVE-2026-12746HIGHDancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameterEPSS 0.2%CVE-2024-41305HIGHA Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary reqEPSS 0.2%CVE-2025-9891MEDIUMUser Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin DeactivationEPSS 0.2%CVE-2025-60208HIGHWordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-49685MEDIUMWordPress Custom Twitter Feeds plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-45374An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.EPSS 0.2%CVE-2025-30576MEDIUMWordPress Hacklog Remote Image Autosave plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-30801MEDIUMWordPress TWB Woocommerce Reviews plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-30804MEDIUMWordPress wpShopGermany IT-RECHT KANZLEI plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-12095HIGHSimple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request ApprovalEPSS 0.2%CVE-2026-31016MEDIUMCross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via tEPSS 0.2%CVE-2024-4541MEDIUMCustom Product List Table <= 3.0.0 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-39641MEDIUMWordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-7422MEDIUMTheme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2024-12218MEDIUMWoocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site ScriptingEPSS 0.2%CVE-2024-33646HIGHWordPress Sticky Anything plugin <= 2.1.5 - Broken Access Control to XSS vulnerabilityEPSS 0.2%