Fallos del tipo CWE-352

5733 resultados
CVE-2025-13871LOWThe feature to manage resources is prone to Cross-Site Request Forgery attacksEPSS 0.2%CVE-2024-54205HIGHWordPress Paloma Widget plugin <= 1.14 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-7501MEDIUMDownload Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-3153MEDIUMConcrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attributeEPSS 0.2%CVE-2024-9661MEDIUMWP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content DeletionEPSS 0.2%CVE-2026-6777MEDIUMOther issue in the Networking: DNS componentEPSS 0.2%CVE-2025-23806HIGHWordPress Ultimate Subscribe Plugin <=1.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-26925MEDIUMWordPress Admin Menu Manager plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28986HIGHWordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerabilityEPSS 0.2%CVE-2024-13647MEDIUMSchool Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting ManipulationEPSS 0.2%CVE-2025-48255MEDIUMWordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP plugin <= 6.2.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-1644MEDIUMWP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or RejectionEPSS 0.2%CVE-2025-23803HIGHWordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-46787HIGHVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.2%CVE-2024-56222MEDIUMWordPress CodeBard Help Desk plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-47624MEDIUMWordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-48038MEDIUMWordPress wp-Monalisa plugin <= 6.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-47633MEDIUMWordPress Awin – Advertiser Tracking for WooCommerce plugin <= 2.0.0 - CSRF to Product Feed Regeneration vulnerabilityEPSS 0.2%CVE-2024-38724HIGHWordPress Contact Form 7 Summary and Print plugin <= 1.2.5 - Cross Site Request Forgery (CSRF) to XSS vulnerabilityEPSS 0.2%CVE-2025-49291MEDIUMWordPress Calculated Fields Form plugin <= 5.3.58 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%