Fallos del tipo CWE-352
5733 resultadosCVE-2026-13944LOWInappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user tEPSS 0.2%CVE-2023-50932HIGHAn issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settEPSS 0.2%CVE-2025-32556HIGHWordPress Simple Post Meta Manager Plugin <= 1.0.9 - CSRF to Reflected Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-32621HIGHWordPress WP Map Route Planner plugin <= 1.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32500HIGHWordPress Codescar Radio Widget plugin <= 0.4.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-39530HIGHWordPress Site Search 360 plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) to stored XSS vulnerabilityEPSS 0.2%CVE-2025-32502HIGHWordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32505HIGHWordPress MultiMailer plugin <= 1.0.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32484HIGHWordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-40925HIGHWWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP CredentialsEPSS 0.2%CVE-2025-32584HIGHWordPress Chat2 plugin <= 4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-42768MEDIUMA Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.EPSS 0.2%CVE-2026-36960HIGHA Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device doesEPSS 0.2%CVE-2025-21576MEDIUMVulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions thaEPSS 0.2%CVE-2025-39548HIGHWordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32612HIGHWordPress User Session Synchronizer plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32518HIGHWordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32616HIGHWordPress Nimbata Call Tracking plugin <= 1.7.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32610HIGHWordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32497HIGHWordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerabilityEPSS 0.2%