Fallos del tipo CWE-352

5733 resultados
CVE-2026-39641MEDIUMWordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-23694HIGHWordPress Shabbos and Yom Tov plugin <= 1.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23691HIGHWordPress Send to Twitter plugin <= 1.7.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23702HIGHWordPress Anonymize Links plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23710HIGHWordPress Flying Twitter Birds plugin <= 1.8 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23712HIGHWordPress Kapost plugin <= 2.2.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-23690HIGHWordPress Book a Place plugin <= 0.7.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-34384MEDIUMAdmidio: Missing CSRF Protection on Registration Approval ActionsEPSS 0.2%CVE-2025-25111MEDIUMWordPress WP Spell Check plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-13795MEDIUMEcwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation MessageEPSS 0.2%CVE-2025-23703HIGHWordPress Free MailClient FMC plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-3857HIGHCross-Site Request Forgery (CSRF) in GitLabEPSS 0.2%CVE-2024-40035MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.EPSS 0.2%CVE-2025-24875MEDIUMSameSite Defense in Depth not applied for some cookies in SAP CommerceEPSS 0.2%CVE-2025-56009MEDIUMCross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device viaEPSS 0.2%CVE-2024-13774MEDIUMWishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scriping via Wishlist NameEPSS 0.2%CVE-2024-13405MEDIUMApptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address BlockEPSS 0.2%CVE-2025-23692HIGHWordPress Slider for Writers plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-43809MEDIUMCross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.111, and oldEPSS 0.2%CVE-2025-23677HIGHWordPress HTTP to HTTPS link changer by Eyga.net plugin <= 0.2.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%