CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-43777 | Vulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce) — redash | 6.8 | Medium | 2021-11-23 |
| CVE-2021-24668 | MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF — MAZ Loader – Preloader Builder for WordPress | 6.5 | - | 2021-11-23 |
| CVE-2021-24641 | Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF) — Images to WebP | 8.1 | - | 2021-11-23 |
| CVE-2021-43559 | Moodle cross-site request forgery vulnerability — moodle | 8.8 | - | 2021-11-22 |
| CVE-2021-34358 | CSRF Vulnerability in QmailAgent — QmailAgent | 6.8 | Medium | 2021-11-20 |
| CVE-2021-39198 | The disqualify lead action may be executed without CSRF token check — crm | 4.2 | Medium | 2021-11-19 |
| CVE-2021-39353 | Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting — Easy Registration Forms | 8.8 | High | 2021-11-19 |
| CVE-2021-3957 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 — kevinpapst/kimai2 | 4.3 | - | 2021-11-19 |
| CVE-2021-3963 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 — kevinpapst/kimai2 | 4.3 | - | 2021-11-19 |
| CVE-2021-3976 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 — kevinpapst/kimai2 | 4.3 | - | 2021-11-19 |
| CVE-2021-36908 | WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability — WP Reset PRO | 8.8 | High | 2021-11-18 |
| CVE-2021-41274 | Authentication Bypass by CSRF Weakness — solidus_auth_devise | 9.3 | Critical | 2021-11-17 |
| CVE-2021-41275 | Authentication Bypass by CSRF Weakness — spree_auth_devise | 9.3 | Critical | 2021-11-17 |
| CVE-2021-41273 | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys — panel | 4.3 | Medium | 2021-11-17 |
| CVE-2021-24852 | MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF — MouseWheel Smooth Scroll | 6.5 | - | 2021-11-17 |
| CVE-2021-24804 | Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF — Simple JWT Login – Login and Register to WordPress using JWT | 8.8 | - | 2021-11-17 |
| CVE-2021-24802 | Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF — Colorful Categories | 4.3 | - | 2021-11-17 |
| CVE-2021-24776 | WP Performance Score Booster < 2.1 - Settings Change via CSRF — WP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload | 4.3 | - | 2021-11-17 |
| CVE-2021-25965 | Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF) — calibreweb | 8.8 | High | 2021-11-16 |
| CVE-2021-25976 | Piranha CMS - Site-wide Cross-Site Request Forgery (CSRF) — Piranha | 8.1 | High | 2021-11-16 |
| CVE-2021-3683 | Cross-Site Request Forgery (CSRF) in star7th/showdoc — star7th/showdoc | 6.5 | - | 2021-11-13 |
| CVE-2021-3775 | Cross-Site Request Forgery (CSRF) in star7th/showdoc — star7th/showdoc | 6.5 | - | 2021-11-13 |
| CVE-2021-3776 | Cross-Site Request Forgery (CSRF) in star7th/showdoc — star7th/showdoc | 6.5 | - | 2021-11-13 |
| CVE-2021-3921 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iii | 4.3 | - | 2021-11-13 |
| CVE-2021-3931 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it — snipe/snipe-it | 4.3 | - | 2021-11-13 |
| CVE-2021-3932 | Cross-Site Request Forgery (CSRF) in area17/twill — area17/twill | 4.3 | - | 2021-11-13 |
| CVE-2021-24832 | WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF — WP SEO Redirect 301 | 6.5 | - | 2021-11-08 |
| CVE-2021-24806 | wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF — Comments – wpDiscuz | 6.5 | - | 2021-11-08 |
| CVE-2021-24767 | Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF — Redirect 404 Error Page to Homepage or Custom Page with Logs | 6.5 | - | 2021-11-08 |
| CVE-2021-24766 | 404 to 301 < 3.0.9 - Logs Deletion via CSRF — 404 to 301 – Redirect, Log and Notify 404 Errors | 4.3 | - | 2021-11-08 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.