Falhas do tipo CWE-352
5.740 resultadosCVE-2025-49425HIGHWordPress Konami Easter Egg plugin <= v0.4 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-57757HIGHWordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2016-20067MEDIUMWordPress CP Polls 1.0.8 Cross-Site Request ForgeryEPSS 0.1%CVE-2025-60132HIGHWordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-58975MEDIUMWordPress Advanced Settings Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-53316HIGHWordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-53332HIGHWordPress Track Everything plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-48144HIGHWordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-47655HIGHWordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-48085HIGHWordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-9899MEDIUMTrust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request ForgeryEPSS 0.1%CVE-2025-48308HIGHWordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-40928MEDIUMAVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset DeletionEPSS 0.1%CVE-2025-48309HIGHWordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-35266HIGHVulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit EPSS 0.1%CVE-2026-48147MEDIUMBudibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase WorkerEPSS 0.1%CVE-2025-48304HIGHWordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2025-13519MEDIUMSVG Map Plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site ScriptingEPSS 0.1%CVE-2025-48311HIGHWordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerabilityEPSS 0.1%CVE-2026-8435LOWConcrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion()EPSS 0.1%