Falhas do tipo CWE-352

5.733 resultados
CVE-2026-24408NONEsigstore has CSRF possibility in OIDC authentication during signingEPSS 0.2%CVE-2025-28910MEDIUMWordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-23617HIGHWordPress Floatbox Plus plugin <= 1.4.4 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2026-6452MEDIUMBigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and UpdateEPSS 0.2%CVE-2025-32667HIGHWordPress Doppler Forms plugin <= 2.5.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2025-28881MEDIUMWordPress Mobile Themes plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-57283MEDIUMA cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instEPSS 0.2%CVE-2025-27318MEDIUMWordPress Simple Google Sitemap Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-8424MEDIUMRemove Yellow BGBOX <= 1.0 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-48341LOWdingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShopEPSS 0.2%CVE-2025-28912MEDIUMWordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-27290MEDIUMWordPress Select Erima Zarinpal Donate Plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28941MEDIUMWordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-28927MEDIUMWordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-1076MEDIUMStar Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2026-1070MEDIUMAlex User Counter <= 6.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2026-5918MEDIUMInappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the rendereEPSS 0.2%CVE-2024-12541MEDIUMChative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action FunctionEPSS 0.2%CVE-2026-29784HIGHGhost: Incomplete CSRF protections around OTC useEPSS 0.2%CVE-2026-11784MEDIUMOptimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX ActionEPSS 0.2%