Fallos del tipo CWE-352
5733 resultadosCVE-2025-28954HIGHWordPress Backwp plugin <= 2.0.2 - CSRF to Arbitrary File Deletion vulnerabilityEPSS 0.2%CVE-2024-52477HIGHWordPress Document & Data Automation plugin <= 1.6.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53720HIGHWordPress WP-ISPConfig 3 plugin <= 1.5.6 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-53722HIGHWordPress Favicon My Blog plugin <= 1.0.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-53727HIGHWordPress LinkLaunder SEO plugin <= 0.92.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-53736HIGHWordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-56474MEDIUMIBM TXSeries for Multiplatforms cross-site request forgeryEPSS 0.2%CVE-2025-47462HIGHWordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerabilityEPSS 0.2%CVE-2026-4139MEDIUMmCatFilter <= 0.5.2 - Cross-Site Request Forgery via compute_post() FunctionEPSS 0.2%CVE-2023-2438MEDIUMUserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdataEPSS 0.2%CVE-2026-3499HIGHProduct Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce 13.4.6 - 13.5.2.1 - Cross-Site Request Forgery to Multiple Administrative ActionsEPSS 0.2%CVE-2024-9588MEDIUMCategory and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/DeleteEPSS 0.2%CVE-2025-1382MEDIUMContact Us By Lord Linus <= 2.6 - Admin+ Stored XSS via CSRFEPSS 0.2%CVE-2024-8477MEDIUMNewsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.87 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-7379MEDIUMA security bypass vulnerability was found in DataSync Center installed on ADMEPSS 0.2%CVE-2026-42286HIGHEmlog: Cross-Site Request Forgery in Admin FunctionsEPSS 0.2%CVE-2026-45317MEDIUMOpen WebUI: Cross-Site Request Forgery (CSRF) via Image URL ManipulationEPSS 0.2%CVE-2026-41317MEDIUMFrappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generationEPSS 0.2%CVE-2026-2112MEDIUMDam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment DeletionEPSS 0.2%CVE-2025-30619MEDIUMWordPress SpeakPipe plugin <= 0.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%