
CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-25053 | WP Coder < 2.5.2 - RFI leading to RCE via CSRF — WP Coder – add custom html, css and js code | 8.8 | - | 2022-01-10 |
| CVE-2021-25051 | Modal Window < 5.2.2 - RFI leading to RCE via CSRF — Modal Window – create popup modal window | 8.8 | - | 2022-01-10 |
| CVE-2021-25032 | PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise — PublishPress Capabilities – User Role Access, Editor Permissions, Admin Menus | 9.8 | - | 2022-01-10 |
| CVE-2021-4168 | Cross-Site Request Forgery (CSRF) in star7th/showdoc — star7th/showdoc | 6.5 | - | 2021-12-26 |
| CVE-2021-4162 | Cross-Site Request Forgery (CSRF) in archivy/archivy — archivy/archivy | 4.3 | - | 2021-12-25 |
| CVE-2021-36886 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability — Contact Form 7 Database Addon – CFDB7 (WordPress plugin) | 6.5 | Medium | 2021-12-22 |
| CVE-2021-43846 | CSRF forgery protection bypass for Spree::OrdersController#populate — solidus | 5.3 | Medium | 2021-12-20 |
| CVE-2021-36887 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) — tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) | 6.1 | Medium | 2021-12-20 |
| CVE-2021-4131 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat — livehelperchat/livehelperchat | 4.3 | - | 2021-12-18 |
| CVE-2021-4130 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it — snipe/snipe-it | 4.3 | - | 2021-12-18 |
| CVE-2021-41260 | Missing CSRF checks in Galette — galette | 8.2 | High | 2021-12-16 |
| CVE-2021-4123 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat — livehelperchat/livehelperchat | 4.3 | - | 2021-12-16 |
| CVE-2021-24922 | Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting — Pixel Cat – Conversion Pixel Manager | 8.2 | - | 2021-12-13 |
| CVE-2021-24818 | WP Limits <= 1.0 - Plugin's Settings Update via CSRF — Wp Limits | 4.3 | - | 2021-12-13 |
| CVE-2021-24795 | Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF — Filter Portfolio Gallery | 6.5 | - | 2021-12-13 |
| CVE-2021-24784 | WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF — WP Admin Logo Changer | 6.5 | - | 2021-12-13 |
| CVE-2021-24780 | Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF — Single Post Exporter | 4.3 | - | 2021-12-13 |
| CVE-2021-4092 | Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm — yetiforcecompany/yetiforcecrm | 4.3 | - | 2021-12-11 |
| CVE-2021-4082 | Cross-Site Request Forgery (CSRF) in pimcore/pimcore — pimcore/pimcore | 4.3 | - | 2021-12-10 |
| CVE-2021-4033 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 — kevinpapst/kimai2 | 4.3 | - | 2021-12-09 |
| CVE-2021-4049 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat — livehelperchat/livehelperchat | 4.3 | - | 2021-12-07 |
| CVE-2021-35242 | A valid CSRF token is present in response to an invalid request — Serv-U Server | 8.3 | High | 2021-12-06 |
| CVE-2021-4005 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iii | 4.3 | - | 2021-12-04 |
| CVE-2021-3944 | Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack — bookstackapp/bookstack | 6.5 | - | 2021-12-02 |
| CVE-2021-3993 | Cross-Site Request Forgery (CSRF) in star7th/showdoc — star7th/showdoc | 6.5 | - | 2021-12-01 |
| CVE-2021-4015 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iii | 4.3 | - | 2021-12-01 |
| CVE-2021-4017 | Cross-Site Request Forgery (CSRF) in star7th/showdoc — star7th/showdoc | 6.5 | - | 2021-12-01 |
| CVE-2021-42364 | Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting — Stetic | 8.8 | High | 2021-11-29 |
| CVE-2021-42358 | Contact Form With Captcha <= 1.6.2 Cross-Site Request Forgery to Reflected Cross-Site Scripting — Contact Form With Captcha | 8.8 | High | 2021-11-29 |
| CVE-2021-24749 | URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF — URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress | 6.5 | - | 2021-11-29 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.