Fallos del tipo CWE-352

5736 resultados
CVE-2025-54673MEDIUMWordPress Chartify plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2024-0392MEDIUMCross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token ValidationEPSS 0.1%CVE-2025-54694MEDIUMWordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-28974HIGHWordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-64117MEDIUMTuleap missing CSRF protection in the management of SVN commit rules and immutable tagsEPSS 0.1%CVE-2025-26768HIGHWordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-7533MEDIUMEasy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' ParameterEPSS 0.1%CVE-2025-26759HIGHWordPress Content Snippet Manager plugin <= 1.1.5 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-8905MEDIUMOsiris Signature Banner <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'prepend_text' ParameterEPSS 0.1%CVE-2025-12172MEDIUMMailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List ChangeEPSS 0.1%CVE-2026-8425MEDIUMNotify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-13982HIGHLogin Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120EPSS 0.1%CVE-2026-9719MEDIUMLatePoint <= 5.6.0 - Cross-Site Request Forgery via invoices__change_status ActionEPSS 0.1%CVE-2025-54672MEDIUMWordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-31585HIGHWordPress Leadfox for WordPress plugin <= 2.1.9 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-64482MEDIUMTuleap missing CSRF protections in the File Release SystemEPSS 0.1%CVE-2026-35181MEDIUMWWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.phpEPSS 0.1%CVE-2025-48483MEDIUMFreeScout Stored XSS leads to CSRFEPSS 0.1%CVE-2024-13521MEDIUMMailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2024-56017HIGHWordPress Stop Registration Spam Plugin <= 1.23 - CSRF to Stored XSS vulnerabilityEPSS 0.1%