Fallos del tipo CWE-352

5733 resultados
CVE-2025-22690HIGHWordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-22685HIGHWordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-20326MEDIUMCisco Unified Communications Manager Cross-Site Request Forgery VulnerabilityEPSS 0.2%CVE-2024-6673MEDIUMCSRF Vulnerability in parisneo/lollms-webuiEPSS 0.2%CVE-2023-42234MEDIUMPat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.EPSS 0.2%CVE-2025-62258HIGHCSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through upEPSS 0.2%CVE-2025-22688HIGHWordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-37438MEDIUMWordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-37426MEDIUMWordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-4403MEDIUMCSRF in restart_program in parisneo/lollms-webuiEPSS 0.2%CVE-2025-23708HIGHWordPress DF Draggable plugin <= 1.13.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-49672HIGHWordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-53728HIGHWordPress Protect Your Content plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-11341MEDIUMSimple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site RedirectEPSS 0.2%CVE-2024-53715HIGHWordPress Simple Travel Map plugin <= 0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-53719HIGHWordPress Zajax – Ajax Navigation plugin <= 0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-53723HIGHWordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-22202MEDIUMwpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by EmailEPSS 0.2%CVE-2024-53720HIGHWordPress WP-ISPConfig 3 plugin <= 1.5.6 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-28954HIGHWordPress Backwp plugin <= 2.0.2 - CSRF to Arbitrary File Deletion vulnerabilityEPSS 0.2%