Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2022-1612 Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF — Webriti SMTP Mail 4.3 -2022-06-13
CVE-2022-1608 OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF — OnePress Social Locker 4.3 -2022-06-13
CVE-2022-1605 Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF — Email Users 6.5 -2022-06-13
CVE-2022-1594 HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF — HC Custom WP-Admin URL 4.3 -2022-06-13
CVE-2017-20045 Navetti PricePoint cross-site request forgery — PricePoint 7.3 High2022-06-13
CVE-2017-20020 Solare Solar-Log cross-site request forgery — Solar-Log 5.3 Medium2022-06-09
CVE-2019-25064 CoreHR Core Portal cross-site request forgery — Core Portal 4.3 Medium2022-06-09
CVE-2022-1712 LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF — LiveSync for WordPress 4.3 -2022-06-06
CVE-2022-1709 Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF — Throws SPAM Away 6.5 -2022-06-06
CVE-2022-1695 WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF — WP Simple Adsense Insertion 7.4 -2022-06-06
CVE-2022-1577 Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF — Database Backup for WordPress 5.4 -2022-06-06
CVE-2022-1424 Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions — Ask me 6.5 -2022-06-06
CVE-2022-1422 Discy < 5.2 - Restore Default Settings via CSRF — Discy 6.5 -2022-06-06
CVE-2022-1421 Discy < 5.2 - Settings Update via CSRF — Discy 6.5 -2022-06-06
CVE-2020-36534 easyii CMS out cross-site request forgery — CMS 4.3 Medium2022-06-03
CVE-2022-31000 CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend — solidus 2.3 Low2022-06-01
CVE-2021-36890 WordPress Social Share Buttons by Supsystic plugin <= 2.2.2 - Cross-Site Request Forgery (CSRF) vulnerability — Social Share Buttons by Supsystic (WordPress plugin) 4.3 Medium2022-05-31
CVE-2022-1611 Bulk Page Creator < 1.1.4 - Arbitrary Page Creation via CSRF — Bulk Page Creator 8.8 -2022-05-30
CVE-2022-0642 JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF — JivoChat Live Chat – WP live chat plugin for WordPress 5.4 -2022-05-30
CVE-2021-34360 CSRF Bypass in Proxy Server — Proxy Server 5.3 Medium2022-05-26
CVE-2022-29431 Remove CPT base <= 5.8 - CSRF leads to CPT base deletion — Remove CPT base (WordPress plugin) 5.4 Medium2022-05-20
CVE-2022-29430 WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability — PNG to JPG (WordPress plugin) 4.7 Medium2022-05-20
CVE-2022-29427 WordPress Disable Right Click For WP plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability — Disable Right Click For WP (WordPress plugin) 4.3 Medium2022-05-20
CVE-2022-29435 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability — Code Snippets Extended (WordPress plugin) 5.4 Medium2022-05-17
CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS) — Code Snippets Extended (WordPress plugin) 4.7 Medium2022-05-17
CVE-2022-29429 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability — Code Snippets Extended (WordPress plugin) 8.8 High2022-05-17
CVE-2022-1407 VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF — VikBooking Hotel Booking Engine & PMS 6.5 -2022-05-16
CVE-2021-27759 HCL Technologies BigFix Platform 数据伪造问题漏洞 — HCL BigFix Inventory 2.3 Low2022-05-06
CVE-2021-27758 HCL BigFix Platform 跨站请求伪造漏洞 — HCL BigFix Inventory 4.3 Medium2022-05-06
CVE-2022-1389 F5 BIG-IP 跨站请求伪造漏洞 — BIG-IP 3.1 Low2022-05-05

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.