Falhas do tipo CWE-352
5.733 resultadosCVE-2025-28857HIGHWordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-49895MEDIUMWordPress ServerBuddy by PluginBuddy.com plugin <= 1.0.5 - CSRF to PHP Object Injection vulnerabilityEPSS 0.1%CVE-2024-53754HIGHWordPress Out Of Stock Badge plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-39640CRITICALWordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerabilityEPSS 0.1%CVE-2025-68052HIGHWordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-40883MEDIUMgoshs: CSRF in state-changing GET routes enables authenticated file deletion and directory creationEPSS 0.1%CVE-2018-25327MEDIUMJoomla! Component Js Jobs 1.2.0 Cross-Site Request ForgeryEPSS 0.1%CVE-2025-46743MEDIUMCross-Site Request ForgeryEPSS 0.1%CVE-2025-14873MEDIUMLatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request ForgeryEPSS 0.1%CVE-2025-28897HIGHWordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-55744MEDIUMUnoPim vulnerable to CSRF on Product edit feature and creation of other typesEPSS 0.1%CVE-2026-39617CRITICALWordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerabilityEPSS 0.1%CVE-2026-30868MEDIUMCross-Site Request Forgery (CSRF) in opnsense/coreEPSS 0.1%CVE-2026-27741MEDIUMBludit <= 3.16.1 CSRF in Plugin and Theme Management EndpointsEPSS 0.1%CVE-2026-39619CRITICALWordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerabilityEPSS 0.1%CVE-2025-28861HIGHWordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-39620CRITICALWordPress Appointment theme <= 3.5.5 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerabilityEPSS 0.1%CVE-2026-8409LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/deleteEPSS 0.1%CVE-2025-12590MEDIUMYSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-12415MEDIUMMapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site ScriptingEPSS 0.1%