CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2022-25778 | Unload handlers may unintentionally defeat CSRF guards — GateManager | 4.2 | Medium | 2022-05-04 |
| CVE-2022-0191 | Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF — Ad Invalid Click Protector (AICP) | 4.3 | - | 2022-05-02 |
| CVE-2022-29451 | WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability — Rara One Click Demo Import (WordPress plugin) | 8.8 | High | 2022-04-29 |
| CVE-2022-29414 | WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities — Subscribe To Comments Reloaded (WordPress plugin) | 5.4 | Medium | 2022-04-29 |
| CVE-2022-29412 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities — Hermit 音乐播放器 (WordPress plugin) | 5.4 | Medium | 2022-04-28 |
| CVE-2022-29413 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability — Hermit 音乐播放器 (WordPress plugin) | 4.7 | Medium | 2022-04-28 |
| CVE-2022-27860 | WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability — Footer Text (WordPress plugin) | 6.1 | Medium | 2022-04-28 |
| CVE-2022-24879 | Malfunction of Cross-Site Request Forgery token validation — shopware | 7.5 | High | 2022-04-28 |
| CVE-2021-24805 | DW Question & Answer Pro <= 1.3.4 - Multiple CSRF — DW Question Answer Pro | 6.5 | - | 2022-04-25 |
| CVE-2021-32929 | Uffizio GPS Tracker Cross-site Request Forgery — GPS Tracker | 4.3 | Medium | 2022-04-22 |
| CVE-2022-20787 | Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability — Cisco Unified Communications Manager | 5.7 | Medium | 2022-04-21 |
| CVE-2021-4096 | Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload — Fancy Product Designer | 8.8 | High | 2022-04-19 |
| CVE-2022-0707 | Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF — Easy Digital Downloads – Simple eCommerce for Selling Digital Files | 4.3 | - | 2022-04-18 |
| CVE-2022-23975 | WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation — Access Demo Importer (WordPress plugin) | 6.5 | Medium | 2022-04-18 |
| CVE-2022-23976 | WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media) — Access Demo Importer (WordPress plugin) | 8.1 | High | 2022-04-18 |
| CVE-2022-27850 | WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability — Simple Ajax Chat (WordPress plugin) | 5.4 | Medium | 2022-04-15 |
| CVE-2022-27851 | WordPress Use Any Font plugin <= 6.1.7 - Cross-Site Request Forgery (CSRF) vulnerability — Use Any Font \| Custom Font Uploader (WordPress plugin) | 5.4 | Medium | 2022-04-15 |
| CVE-2022-20735 | Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability — Cisco SD-WAN vManage | 6.5 | Medium | 2022-04-15 |
| CVE-2022-27846 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification — Yoo Slider – Image Slider & Video Slider (WordPress plugin) | 4.3 | Medium | 2022-04-13 |
| CVE-2022-27847 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import — Yoo Slider – Image Slider & Video Slider (WordPress plugin) | 4.3 | Medium | 2022-04-13 |
| CVE-2021-36914 | WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) — CalderaWP License Manager (WordPress plugin) | 6.1 | Medium | 2022-04-12 |
| CVE-2022-0141 | Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF — Visual Form Builder | 8.1 | - | 2022-04-12 |
| CVE-2022-25754 | Cross-Site Request Forgery vulnerability in multiple Siemens products — SCALANCE X302-7 EEC (230V) | 7.5 | - | 2022-04-12 |
| CVE-2022-25614 | WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability — eRoom – Zoom Meetings & Webinar (WordPress plugin) | 4.3 | Medium | 2022-04-11 |
| CVE-2022-25615 | WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion — eRoom – Zoom Meetings & Webinar (WordPress plugin) | 4.3 | Medium | 2022-04-11 |
| CVE-2022-0914 | Export All URLs < 4.3 - Private/Draft Post/Page Title Disclosure via CSRF — Export All URLs | 6.5 | - | 2022-04-11 |
| CVE-2021-41245 | Possible Cross-Site Request Forgery in Combodo iTop — iTop | 6.5 | Medium | 2022-04-05 |
| CVE-2022-0830 | FormBuilder <= 1.08 - Stored Cross-Site Scripting via CSRF — FormBuilder | 6.5 | - | 2022-04-04 |
| CVE-2022-0088 | Cross-Site Request Forgery (CSRF) in yourls/yourls — yourls/yourls | 6.5 | - | 2022-04-03 |
| CVE-2022-0770 | Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover — Translate WordPress with GTranslate | 8.1 | - | 2022-03-28 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.