Fallos del tipo CWE-352
5733 resultadosCVE-2026-40309HIGHMasa CMS CSRF in trash management allows unauthorized permanent deletion of deleted contentEPSS 0.2%CVE-2025-1382MEDIUMContact Us By Lord Linus <= 2.6 - Admin+ Stored XSS via CSRFEPSS 0.2%CVE-2024-5596MEDIUMARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functionsEPSS 0.2%CVE-2021-47702MEDIUMOpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.phpEPSS 0.2%CVE-2025-14266LOWCSRF in Ercom Cryptobox administration consoleEPSS 0.2%CVE-2024-8477MEDIUMNewsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.87 - Cross-Site Request ForgeryEPSS 0.2%CVE-2026-2112MEDIUMDam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment DeletionEPSS 0.2%CVE-2026-45317MEDIUMOpen WebUI: Cross-Site Request Forgery (CSRF) via Image URL ManipulationEPSS 0.2%CVE-2024-9588MEDIUMCategory and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/DeleteEPSS 0.2%CVE-2026-40458HIGHCross-Site Request Forgery in PAC4JEPSS 0.2%CVE-2026-1165MEDIUMPopup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status ChangeEPSS 0.2%CVE-2024-57160MEDIUM07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.EPSS 0.2%CVE-2025-22703HIGHWordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-4070MEDIUMAlfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' ParameterEPSS 0.2%CVE-2024-49304MEDIUMWordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-30919HIGHWordPress Store Locator Widget plugin <= 2025r2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-38778MEDIUMWordPress WP Fast Total Search <= 1.69.234 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-24982MEDIUMCross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while lEPSS 0.2%CVE-2025-26211LOWGibbon before 29.0.00 allows CSRF.EPSS 0.2%CVE-2024-47635MEDIUMWordPress TinyPNG plugin <= 3.4.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%