Fallos del tipo CWE-352

5733 resultados
CVE-2025-39548HIGHWordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2023-50932HIGHAn issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settEPSS 0.2%CVE-2023-50931HIGHAn issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settiEPSS 0.2%CVE-2025-70062MEDIUMPHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The applicEPSS 0.2%CVE-2024-40038MEDIUMidccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=revEPSS 0.2%CVE-2024-41811LOWipl/web susceptible to Cross-Site Request Forgery (CSRF)EPSS 0.2%CVE-2025-0801MEDIUMRateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key UpdateEPSS 0.2%CVE-2025-22300MEDIUMWordPress PixelYourSite plugin <= 10.0.1.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-22301MEDIUMWordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43316MEDIUMWordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-35632MEDIUMWordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-12740HIGHPlack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameterEPSS 0.2%CVE-2024-43340MEDIUMWordPress AFI – The Easiest Integration Plugin plugin <= 1.89.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43295MEDIUMWordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-48518MEDIUMMultiJuicer: Login CSRF allows attacker to force victims into their teamEPSS 0.2%CVE-2024-43356MEDIUMWordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerabilityEPSS 0.2%CVE-2024-35638MEDIUMWordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2024-43947MEDIUMWordPress WP Armour Extended plugin <= 1.26 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2023-47845MEDIUMWordPress Grab & Save plugin <= 1.0.4 - Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-53897MEDIUMKiteworks MFT has a Cross-Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%