Fallos del tipo CWE-352

5733 resultados
CVE-2026-8194MEDIUMosTicket Dispatcher class.dispatcher.php cross-site request forgeryEPSS 0.2%CVE-2018-25397MEDIUMPHP-SHOP 1.0 Cross-Site Request Forgery via users.phpEPSS 0.2%CVE-2025-23639HIGHWordPress MDC YouTube Downloader plugin <= 3.0.0 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2020-37007MEDIUMLiman 0.7 - Cross-Site Request Forgery (Change Password)EPSS 0.2%CVE-2025-55043MEDIUMMuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows uEPSS 0.2%CVE-2026-27841HIGHSenseLive X3050 Cross-Site request forgeryEPSS 0.2%CVE-2026-1447MEDIUMMail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-13537MEDIUMCodeAstro Human Resource Management System cross-site request forgeryEPSS 0.2%CVE-2025-25772MEDIUMA Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add AEPSS 0.2%CVE-2024-48278MEDIUMPhpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.phpEPSS 0.2%CVE-2026-4401MEDIUMDownload Monitor <= 5.1.10 - Cross-Site Request Forgery to Download Path Deletion and DisablingEPSS 0.2%CVE-2023-50900MEDIUMWordPress Master Slider plugin <= 3.9.10 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-46439HIGHWordPress Plugin Central plugin <= 2.5.1 - CSRF to Arbitrary File Deletion vulnerabilityEPSS 0.2%CVE-2026-6777MEDIUMOther issue in the Networking: DNS componentEPSS 0.2%CVE-2025-53277HIGHWordPress IS-theme-companion plugin <= 1.59 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-11214MEDIUMInappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-originEPSS 0.2%CVE-2025-1435MEDIUMbbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege EscalationEPSS 0.2%CVE-2024-51630HIGHWordPress Responsive Flickr Gallery plugin <= 1.3.1 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-9661MEDIUMWP All Import Pro <= 4.9.7 - Cross-Site Request Forgery to Imported Content DeletionEPSS 0.2%CVE-2025-13871LOWThe feature to manage resources is prone to Cross-Site Request Forgery attacksEPSS 0.2%