
CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-36877 | WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability — uListing (WordPress plugin) | 4.3 | Medium | 2021-09-27 |
| CVE-2021-36876 | WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities — uListing (WordPress plugin) | 5.4 | Medium | 2021-09-27 |
| CVE-2021-36878 | WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability — uListing (WordPress plugin) | 4.3 | Medium | 2021-09-27 |
| CVE-2021-3819 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iii | 4.3 | - | 2021-09-27 |
| CVE-2021-22953 | Concrete CMS cross-site request forgery vulnerability — https://github.com/concrete5/concrete5 | 5.4 | - | 2021-09-23 |
| CVE-2021-22950 | Concrete CMS cross-site request forgery vulnerability — https://github.com/concrete5/concrete5 | 4.3 | - | 2021-09-23 |
| CVE-2021-22949 | Concrete CMS cross-site request forgery vulnerability — https://github.com/concrete5/concrete5 | 7.1 | - | 2021-09-23 |
| CVE-2021-41083 | CSRF Vulnerability in dada-mail 11.15.1 and below — dada-mail | 8.0 | High | 2021-09-20 |
| CVE-2021-24636 | Print My Blog < 3.4.2 - Plugin Deactivation via CSRF — Print My Blog – Print, PDF, & eBook Converter WordPress Plugin | 8.1 | - | 2021-09-20 |
| CVE-2021-24584 | Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update — Timetable and Event Schedule by MotoPress | 5.4 | - | 2021-09-20 |
| CVE-2021-39209 | Bypassable CSRF protection — glpi | 8.8 | High | 2021-09-15 |
| CVE-2021-23026 | F5 BIG-IP cross-site request forgery vulnerability — BIG-IP & BIG-IQ | 8.8 | - | 2021-09-14 |
| CVE-2021-23050 | F5 BIG-IP cross-site request forgery vulnerability — BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect | 6.5 | - | 2021-09-14 |
| CVE-2021-37201 | Siemens SINEC NMS cross-site request forgery vulnerability — SINEC NMS | 8.8 | - | 2021-09-14 |
| CVE-2021-24725 | Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF — Comment Link Remove and Other Comment Tools | 6.5 | - | 2021-09-13 |
| CVE-2021-24586 | Per Page Add to Head < 1.4.4 - CSRF to Stored XSS — Per page add to head | 4.6 | - | 2021-09-13 |
| CVE-2021-24491 | Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF — Fileviewer | 8.8 | - | 2021-09-13 |
| CVE-2021-39197 | Cross-Site Request Forgery in better_errors — better_errors | 6.3 | Medium | 2021-09-07 |
| CVE-2021-24611 | Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS) — Keyword Meta | 6.1 | - | 2021-09-06 |
| CVE-2021-39133 | Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server — rundeck | 7.2 | High | 2021-08-30 |
| CVE-2021-38342 | Nested Pages <= 3.1.15 Cross-Site Request Forgery to Arbitrary Post Deletion and Modification — Nested Pages | 8.1 | High | 2021-08-30 |
| CVE-2021-32991 | Delta Electronics DIAEnergie cross-site request forgery vulnerability — Delta Electronics DIAEnergie | 6.5 | - | 2021-08-30 |
| CVE-2021-24581 | Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS) — Blue Admin | 8.2 | - | 2021-08-30 |
| CVE-2021-3730 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iii | 4.3 | - | 2021-08-23 |
| CVE-2021-3729 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iii | 4.3 | - | 2021-08-23 |
| CVE-2021-3728 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii — firefly-iii/firefly-iii | 4.3 | - | 2021-08-23 |
| CVE-2021-34645 | Shopping Cart & eCommerce Store <= 5.1.0 Cross-Site Request Forgery to Stored Cross-Site Scripting — Shopping Cart & eCommerce Store | 8.8 | High | 2021-08-19 |
| CVE-2021-24380 | Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF — Shantz WordPress QOTD | 4.3 | - | 2021-08-16 |
| CVE-2021-34661 | WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion — WP Fusion Lite | 6.1 | Medium | 2021-08-09 |
| CVE-2021-24467 | Leaflet Map < 3.0.0 - Arbitrary Settings Update via CSRF Leading to Stored XSS — Leaflet Map | 6.5 | - | 2021-08-09 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.