Fallos del tipo CWE-352
5733 resultadosCVE-2025-30919HIGHWordPress Store Locator Widget plugin <= 2025r2 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-36576LOWDell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attackerEPSS 0.2%CVE-2024-57160MEDIUM07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.EPSS 0.2%CVE-2025-24982MEDIUMCross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while lEPSS 0.2%CVE-2018-25337MEDIUMJoomla JoomOCShop 1.0 Cross-Site Request ForgeryEPSS 0.2%CVE-2024-49304MEDIUMWordPress Pinpoint Booking System plugin <= 2.9.9.5.7 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-57905MEDIUMWordPress AgreeMe Checkboxes For WooCommerce Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-6400MEDIUMChild Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings FormEPSS 0.2%CVE-2025-32644HIGHWordPress IP2Location World Clock Plugin <= 1.1.9 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-57960MEDIUMWordPress Travel Map Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2025-53456MEDIUMWordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-32669HIGHWordPress Mergado Pack plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-52784HIGHOpenProject: CSRF on TARGET through /users/:id via POST parameter "user[admin]"EPSS 0.2%CVE-2025-25138HIGHWordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-32645HIGHWordPress Custom Posts Order Plugin <= 4.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-43735HIGHThe issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A maliEPSS 0.2%CVE-2025-50090MEDIUMVulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions thatEPSS 0.2%CVE-2024-40601MEDIUMAn issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.EPSS 0.2%CVE-2025-32673HIGHWordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-4839MEDIUMCSRF in Servers Configurations in parisneo/lollms-webuiEPSS 0.2%