CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4754

4754 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-48334	WordPress League Table Plugin <= 1.13 is vulnerable to Cross Site Request Forgery (CSRF) — League Table	5.4	Medium	2023-11-30
CVE-2023-6137	WordPress Frontier Post Plugin <= 6.1 is vulnerable to Cross Site Request Forgery (CSRF) — Frontier Post	5.4	Medium	2023-11-30
CVE-2023-48744	WordPress Availability Calendar Plugin <= 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF) — Availability Calendar	5.4	Medium	2023-11-30
CVE-2023-49076	Pimcore missing token/header to prevent CSRF — customer-data-framework	4.3	Medium	2023-11-30
CVE-2023-5772	Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery — Debug Log Manager – Conveniently Monitor and Inspect Errors	4.3	Medium	2023-11-30
CVE-2023-6251	CSRF in delete_user_message — Checkmk	3.5	Low	2023-11-24
CVE-2023-41792	Lack of Authorization and Stored XSS Via SNMP Trap Editor Page — Pandora FMS	5.9	Medium	2023-11-23
CVE-2023-47790	WordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF) — Pz-LinkCard	7.1	High	2023-11-22
CVE-2023-47825	WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF) — WP EXtra	4.3	Medium	2023-11-22
CVE-2023-47824	WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF) — Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator	5.4	Medium	2023-11-22
CVE-2023-47819	WordPress Easy Call Now by ThikShare Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) — Easy Call Now by ThikShare	4.3	Medium	2023-11-22
CVE-2023-39925	WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) — Download Community by PeepSo	5.4	Medium	2023-11-22
CVE-2023-47792	WordPress Big File Uploads Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) — Big File Uploads – Increase Maximum File Upload Size	4.3	Medium	2023-11-22
CVE-2023-47791	WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) — Leadster	4.3	Medium	2023-11-22
CVE-2023-47785	WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Request Forgery (CSRF) — LayerSlider	7.1	High	2023-11-22
CVE-2023-47781	WordPress Thrive Theme Builder Theme < 3.24.2 is vulnerable to Cross Site Request Forgery (CSRF) — Thrive Theme Builder	8.8	High	2023-11-22
CVE-2023-47775	WordPress wpDiscuz Plugin <= 7.6.11 is vulnerable to Cross Site Request Forgery (CSRF) — Comments — wpDiscuz	4.3	Medium	2023-11-22
CVE-2023-47765	WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF) — CodeBard's Patron Button and Widgets for Patreon	4.3	Medium	2023-11-22
CVE-2023-47758	WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF) — Multi Step Form	5.4	Medium	2023-11-22
CVE-2023-25986	WordPress PayGreen Plugin <= 4.10.2 is vulnerable to Cross Site Request Forgery (CSRF) — PayGreen – Ancienne version	4.3	Medium	2023-11-22
CVE-2023-25987	WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF) — My YouTube Channel	4.3	Medium	2023-11-22
CVE-2023-2497	UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection — UserPro - Community and User Profile WordPress Plugin	8.8	High	2023-11-22
CVE-2023-6008	UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions — UserPro - Community and User Profile WordPress Plugin	6.3	Medium	2023-11-22
CVE-2023-5383	Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free	4.3	Medium	2023-11-22
CVE-2023-2438	UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata — UserPro - Community and User Profile WordPress Plugin	6.1	Medium	2023-11-22
CVE-2023-2440	UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation — UserPro - Community and User Profile WordPress Plugin	8.8	High	2023-11-22
CVE-2023-5382	Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free	6.5	Medium	2023-11-22
CVE-2023-5537	Delete Usermetas <= 1.1.2 - Cross-Site Request Forgery — Delete Usermetas	4.3	Medium	2023-11-22
CVE-2023-26542	WordPress phpinfo() WP Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) — phpinfo() WP	5.4	Medium	2023-11-22
CVE-2023-26535	WordPress Sheets To WP Table Live Sync Plugin <= 2.12.15 is vulnerable to Cross Site Request Forgery (CSRF) — Sheets To WP Table Live Sync	5.4	Medium	2023-11-22

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4754 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4754