Fallos del tipo CWE-352
5733 resultadosCVE-2026-40925HIGHWWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP CredentialsEPSS 0.2%CVE-2025-13413MEDIUMCountry Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2025-29722MEDIUMA CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue EPSS 0.2%CVE-2025-21576MEDIUMVulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions thaEPSS 0.2%CVE-2023-50932HIGHAn issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settEPSS 0.2%CVE-2023-50931HIGHAn issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settiEPSS 0.2%CVE-2025-13438MEDIUMPage Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title ModificationEPSS 0.2%CVE-2025-32502HIGHWordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32621HIGHWordPress WP Map Route Planner plugin <= 1.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32591HIGHWordPress WP Abstracts Plugin <= 2.7.5 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32597HIGHWordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2025-32498HIGHWordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32497HIGHWordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-40038MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=revEPSS 0.2%CVE-2025-32616HIGHWordPress Nimbata Call Tracking plugin <= 1.7.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-59148HIGHMockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret theftEPSS 0.2%CVE-2025-32484HIGHWordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-39548HIGHWordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32610HIGHWordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32563HIGHWordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%