CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14615 | DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection — DASHBOARD BUILDER – WordPress plugin for Charts and Graphs | 7.1 | High | 2026-01-14 |
| CVE-2025-14389 | WPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update — WPBlogSyn | 4.3 | Medium | 2026-01-14 |
| CVE-2026-0493 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation) — SAP Fiori App (Intercompany Balance Reconciliation) | 4.3 | Medium | 2026-01-13 |
| CVE-2026-22800 | PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences — PILOS | 2.4 | Low | 2026-01-12 |
| CVE-2025-14976 | User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 5.4 | Medium | 2026-01-10 |
| CVE-2026-22194 | GestSup <= 3.2.56 CSRF Allows Privileged Actions — GestSup | 8.8 | - | 2026-01-09 |
| CVE-2025-13749 | Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering — Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | 4.3 | Medium | 2026-01-09 |
| CVE-2025-68158 | Authlib: 1-click Account Takeover — authlib | 5.7 | Medium | 2026-01-08 |
| CVE-2019-25259 | Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery — Leica Geosystems GR10/GR25/GR30/GR50 GNSS | 5.3 | Medium | 2026-01-07 |
| CVE-2025-14077 | Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update — Simcast | 4.3 | Medium | 2026-01-07 |
| CVE-2025-13990 | Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation — Mamurjor Employee Info | 4.3 | Medium | 2026-01-07 |
| CVE-2025-14465 | Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update — Sticky Action Buttons | 4.3 | Medium | 2026-01-07 |
| CVE-2025-13521 | WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update — WP Status Notifier | 4.3 | Medium | 2026-01-07 |
| CVE-2025-13520 | MTCaptcha WordPress Plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update — MTCaptcha WordPress Plugin | 4.3 | Medium | 2026-01-07 |
| CVE-2025-13527 | xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter — xShare | 4.3 | Medium | 2026-01-07 |
| CVE-2025-14999 | Latest Tabs <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update — Latest Tabs | 4.3 | Medium | 2026-01-07 |
| CVE-2025-13519 | SVG Map Plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting — SVG Map by Smjrifle | 6.1 | Medium | 2026-01-07 |
| CVE-2025-14845 | NS IE Compatibility Fixer <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update — NS Ie Compatibility Fixer | 4.3 | Medium | 2026-01-07 |
| CVE-2025-13657 | HelpDesk contact form plugin <= 1.1.5 - Cross-Site Request Forgery to Settings Update via handle_query_args — HelpDesk Contact Form | 4.3 | Medium | 2026-01-07 |
| CVE-2025-14904 | Newsletter Email Subscribe <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update — Newsletter Email Subscribe | 4.3 | Medium | 2026-01-07 |
| CVE-2025-14468 | AMP for WP – Accelerated Mobile Pages <= 1.1.9 - Cross-Site Request Forgery to Comment Submission — AMP for WP – Accelerated Mobile Pages | 4.3 | Medium | 2026-01-07 |
| CVE-2020-36918 | iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management — iDS6 DSSPro Digital Signage System | 4.3 | Medium | 2026-01-06 |
| CVE-2020-36908 | Secure Computing SnapGear Management Console SG560 3.1.5 Cross-Site Request Forgery via Admin Users — SnapGear Management Console SG560 | 5.3 | Medium | 2026-01-06 |
| CVE-2020-36906 | P5 FNIP-8x16A FNIP-4xSH 1.0.20 Cross-Site Request Forgery via User Management — FNIP-8x16A | 4.3 | Medium | 2026-01-06 |
| CVE-2025-53344 | WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability — Thim Core | 4.3 | Medium | 2026-01-05 |
| CVE-2023-52212 | WordPress WP Job Manager plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability — WP Job Manager | 5.4 | Medium | 2026-01-05 |
| CVE-2026-21430 | Emlog: CSRF chained with stored XSS leads to ATO — emlog | 8.3 | - | 2026-01-02 |
| CVE-2025-15405 | PHPEMS cross-site request forgery — PHPEMS | 4.3 | Medium | 2026-01-01 |
| CVE-2025-31054 | WordPress Bloggie theme <= 2.0.8 - Cross Site Scripting (XSS) Vulnerability — Bloggie | 7.1 | High | 2025-12-31 |
| CVE-2025-62101 | WordPress Pardakht Delkhah plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability — Pardakht Delkhah | 4.3 | Medium | 2025-12-31 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.