Fallos del tipo CWE-352

5740 resultados
CVE-2026-35181MEDIUMWWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.phpEPSS 0.1%CVE-2024-13512MEDIUMWonder FontAwesome <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2024-56017HIGHWordPress Stop Registration Spam Plugin <= 1.23 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2024-13293LOWPOST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059EPSS 0.1%CVE-2024-13521MEDIUMMailUp Auto Subscription <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2018-25170HIGHDoceboLMS 1.2 SQL Injection via lesson.phpEPSS 0.1%CVE-2025-48483MEDIUMFreeScout Stored XSS leads to CSRFEPSS 0.1%CVE-2025-14165MEDIUMKirim.Email WooCommerce Integration <= 1.2.9 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-14158MEDIUMCoding Blocks <= 1.1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-13144MEDIUMContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2026-24596MEDIUMWordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-46620MEDIUMe107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()EPSS 0.1%CVE-2025-14163MEDIUMPremium Addons for Elementor <= 4.11.53 - Cross-Site Request Forgery via 'insert_inner_template'EPSS 0.1%CVE-2026-24521MEDIUMWordPress Kama Thumbnail plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-67626MEDIUMWordPress WP SEO Search plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-34383MEDIUMAdmidio: CSRF and Form Validation Bypass in Inventory Item Save via `imported` ParameterEPSS 0.1%CVE-2025-59428MEDIUMEspoCRM allows arbitrary user creation via stored SVG injection and CSRFEPSS 0.1%CVE-2026-24542MEDIUMWordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-20704MEDIUMCross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the EPSS 0.1%CVE-2026-24549MEDIUMWordPress GeoDirectory plugin <= 2.8.149 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%