Fallos del tipo CWE-352

5740 resultados
CVE-2025-53568MEDIUMWordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-52711MEDIUMWordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.27.8 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-49069MEDIUMWordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-53569MEDIUMWordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-7561MEDIUMTm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2026-48612HIGHImproper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s aEPSS 0.1%CVE-2025-62061MEDIUMWordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-2723MEDIUMPost Snippits <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings UpdateEPSS 0.1%CVE-2025-64499MEDIUMTuleap is missing CSRF protections for its planning management APIEPSS 0.1%CVE-2026-22355HIGHWordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-53274HIGHWordPress WP Permalink Translator plugin <= 1.7.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-41194MEDIUMFreeScout's Mailbox OAuth disconnect uses a state-changing GET and is CSRFableEPSS 0.1%CVE-2025-53271HIGHWordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.1%CVE-2025-46495MEDIUMWordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerabilityEPSS 0.1%CVE-2026-44548HIGHChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)EPSS 0.1%CVE-2026-6702MEDIUMPublish 2 Ping.fm <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpPingPingKey' ParameterEPSS 0.1%CVE-2026-8910MEDIUMWP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' ParameterEPSS 0.1%CVE-2025-27003MEDIUMWordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-8119MEDIUMCross-Site Request Forgery in PAD CMSEPSS 0.1%CVE-2025-57885MEDIUMWordPress Fluent Support Plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%