Fallos del tipo CWE-352

5733 resultados
CVE-2025-63717MEDIUMThe change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerablEPSS 0.1%CVE-2025-8606LOWGSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/DeactivationEPSS 0.1%CVE-2025-23989HIGHWordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-30968MEDIUMWordPress Advanced Post List plugin <= 0.5.6.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-57977HIGHWordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-63710MEDIUMThe send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The applicatEPSS 0.1%CVE-2025-30632MEDIUMWordPress Global Translator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-23990HIGHWordPress Scroll Styler plugin <= 1.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-53329HIGHWordPress Społecznościowa 6 PL 2013 plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-30807HIGHCross-Site Request Forgery on Extension PagesEPSS 0.1%CVE-2025-70899MEDIUMPHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can pEPSS 0.1%CVE-2025-22814HIGHWordPress Zephyr Admin Theme Plugin <= 1.4.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-22768HIGHWordPress Rocket Media Library Mime Type plugin <= 2.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2026-39619CRITICALWordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerabilityEPSS 0.1%CVE-2024-53753HIGHWordPress CultBooking Hotel Booking Engine plugin <= 2.1 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-39621HIGHWordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerabilityEPSS 0.1%CVE-2025-28857HIGHWordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-68052HIGHWordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2024-53755HIGHWordPress Third Party Cookie Eraser plugin <= 1.0.2 - CSRF to Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-46743MEDIUMCross-Site Request ForgeryEPSS 0.1%