Fallos del tipo CWE-352

5728 resultados
CVE-2023-37992MEDIUMWordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2021-47754MEDIUMArunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-63955HIGHA Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an atEPSS 0.2%CVE-2024-1592MEDIUMComplianz – GDPR/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery to Data Request DeletionEPSS 0.2%CVE-2023-46092HIGHWordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.2%CVE-2024-53793HIGHWordPress eDoc Easy Tables plugin <= 1.29 - CSRF to SQL Injection vulnerabilityEPSS 0.2%CVE-2025-7052HIGHLatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() FunctionEPSS 0.2%CVE-2024-32699MEDIUMWordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-46721MEDIUMnosurf vulnerable to CSRF due to non-functional same-origin request checksEPSS 0.2%CVE-2023-22942MEDIUMCross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk EnterpriseEPSS 0.2%CVE-2025-1764HIGHLoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options UpdateEPSS 0.2%CVE-2020-37054MEDIUMNavigate CMS 2.8.7 - Cross-Site Request ForgeryEPSS 0.2%CVE-2024-33678MEDIUMWordPress ClickCease Click Fraud Protection plugin <= 3.2.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-11265HIGHInappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a cEPSS 0.2%CVE-2026-23622HIGHCSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeoverEPSS 0.2%CVE-2023-3589MEDIUMCross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022xEPSS 0.2%CVE-2026-6075HIGHMedia Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action FormEPSS 0.2%CVE-2024-33689MEDIUMWordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-35560MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCEPSS 0.2%CVE-2024-37102MEDIUMWordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%