CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-24549	WordPress GeoDirectory plugin <= 2.8.149 - Cross Site Request Forgery (CSRF) vulnerability — GeoDirectory	8.8	-	2026-01-23
CVE-2026-24542	WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability — WP Term Order	8.8	-	2026-01-23
CVE-2026-24521	WordPress Kama Thumbnail plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability — Kama Thumbnail	8.1	-	2026-01-23
CVE-2026-22359	WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability — Wordpress Movies Bulk Importer	8.8^AI	High^AI	2026-01-22
CVE-2026-24384	WordPress Merge + Minify + Refresh plugin <= 2.14 - Cross Site Request Forgery (CSRF) vulnerability — Merge + Minify + Refresh	5.4	Medium	2026-01-22
CVE-2026-24374	WordPress RegistrationMagic plugin <= 6.0.6.9 - Cross Site Request Forgery (CSRF) vulnerability — RegistrationMagic	5.4	Medium	2026-01-22
CVE-2026-24365	WordPress Stock Manager for WooCommerce plugin < 3.6.0 - Cross Site Request Forgery (CSRF) vulnerability — Stock Manager for WooCommerce	5.4	Medium	2026-01-22
CVE-2026-22483	WordPress teachPress plugin <= 9.0.12 - Cross Site Request Forgery (CSRF) vulnerability — teachPress	8.8^AI	High^AI	2026-01-22
CVE-2026-22462	WordPress Add Polylang support for Customizer plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability — Add Polylang support for Customizer	8.8^AI	High^AI	2026-01-22
CVE-2026-22382	WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability — PawFriends - Pet Shop and Veterinary WordPress Theme	8.8^AI	High^AI	2026-01-22
CVE-2026-22360	WordPress SearchAzon plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability — SearchAzon	8.8^AI	High^AI	2026-01-22
CVE-2026-22355	WordPress Simple XML Sitemap plugin <= 1.3 - CSRF to Stored XSS vulnerability — Simple XML Sitemap	6.1^AI	Medium^AI	2026-01-22
CVE-2025-67626	WordPress WP SEO Search plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability — WP SEO Search	8.8^AI	High^AI	2026-01-22
CVE-2025-31413	WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability — Element Pack Elementor Addons	4.3	Medium	2026-01-22
CVE-2021-47860	GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE — Custom JS Plugin	5.3	Medium	2026-01-21
CVE-2021-47830	GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF — My SMTP Contact Plugin	8.1^AI	High^AI	2026-01-21
CVE-2025-36411	Multiple vulnerabilities found in IBM ApplinX. — ApplinX	3.5	Low	2026-01-20
CVE-2026-1051	Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription — Newsletter – Send awesome emails from WordPress	4.3	Medium	2026-01-20
CVE-2026-1169	birkir prime cross-site request forgery — prime	4.3	Medium	2026-01-19
CVE-2026-1153	technical-laohu mpay cross-site request forgery — mpay	4.3	Medium	2026-01-19
CVE-2026-1148	SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgery — Patients Waiting Area Queue Management System	4.3	Medium	2026-01-19
CVE-2026-1142	PHPGurukul News Portal cross-site request forgery — News Portal	4.3	Medium	2026-01-19
CVE-2021-47820	Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF) — Ubee EVW327	5.3	Medium	2026-01-16
CVE-2025-14853	LEAV Last Email Address Validator <= 1.7.1 - Cross-Site Request Forgery to Plugin Settings Update — LEAV Last Email Address Validator	4.3	Medium	2026-01-16
CVE-2021-47800	b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF) — b2evolution	5.3	Medium	2026-01-15
CVE-2026-23622	CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover — easyappointments	8.8^AI	High^AI	2026-01-15
CVE-2021-47754	Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF) — Arunna	6.5	Medium	2026-01-15
CVE-2025-15376	Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery — Stopwords for comments	4.3	Medium	2026-01-14
CVE-2025-14846	SocialChamp with WordPress <= 1.3.5 - Cross-Site Request Forgery to Plugin Settings Update — Auto Post to Social Media from Social Champ	4.3	Medium	2026-01-14
CVE-2025-15377	Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery — Sosh Share Buttons	4.3	Medium	2026-01-14

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751