
CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-65107 | Langfuse SSO Account Takeover via CSRF or phishing attack — langfuse | 6.5 | Medium | 2025-11-21 |
| CVE-2025-11087 | Zegen Core <= 2.0.1 - Cross-Site Request Forgery to Arbitrary File Upload — Zegen Core | 8.8 | High | 2025-11-21 |
| CVE-2025-66097 | WordPress I Order Terms plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability — I Order Terms | 4.3 | Medium | 2025-11-21 |
| CVE-2025-66064 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability — Giveaways and Contests by RafflePress | 4.3 | Medium | 2025-11-21 |
| CVE-2025-66061 | WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Cross Site Request Forgery (CSRF) vulnerability — Seriously Simple Podcasting | 4.3 | Medium | 2025-11-21 |
| CVE-2025-13134 | AuthorSure <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — AuthorSure | 6.1 | Medium | 2025-11-21 |
| CVE-2025-13142 | Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion — Custom Post Type | 4.3 | Medium | 2025-11-21 |
| CVE-2025-62687 | LogStare Collector cross-site request forgery vulnerability — LogStare Collector (for Windows) | 8.3 | - | 2025-11-21 |
| CVE-2025-62346 | HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability — Glovius Cloud | 6.8 | Medium | 2025-11-20 |
| CVE-2025-12535 | SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution — SureForms – Contact Form, Payment Form & Other Custom Form Builder | 5.3 | Medium | 2025-11-19 |
| CVE-2025-59114 | Cross-Site Request Forgery in Windu CMS — Windu CMS | 8.8 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-59112 | Cross-Site Request Forgery in Windu CMS — Windu CMS | 4.3 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-59110 | Cross-Site Request Forgery in Windu CMS — Windu CMS | 8.8 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-6670 | Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services — WSO2 Open Banking AM | 8.8 | High | 2025-11-18 |
| CVE-2025-12406 | Project Honey Pot Spam Trap <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Project Honey Pot Spam Trap | 6.1 | Medium | 2025-11-18 |
| CVE-2025-12173 | WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation — WP Admin Microblog | 4.3 | Medium | 2025-11-18 |
| CVE-2025-12827 | Top Friends <= 0.3 - Cross-Site Request Forgery to Settings Update — Top Friends | 4.3 | Medium | 2025-11-18 |
| CVE-2025-12404 | Like-it <= 2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Like-it | 6.1 | Medium | 2025-11-18 |
| CVE-2025-9625 | Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery — Coil Web Monetization | 4.3 | Medium | 2025-11-18 |
| CVE-2025-55057 | Maxum Rumpus FTP Server cross-site request forgery vulnerability — FTP Server | 4.5 | Medium | 2025-11-17 |
| CVE-2025-13283 | Chunghwa Telecom\|TenderDocTransfer - Arbitrary File Copy and Paste — TenderDocTransfer | 7.1 | High | 2025-11-17 |
| CVE-2025-13282 | Chunghwa Telecom\|TenderDocTransfer - Arbitrary File Delete — TenderDocTransfer | 8.1 | High | 2025-11-17 |
| CVE-2025-13179 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery — Wholesale Inventory Control and Inventory Management System | 4.3 | Medium | 2025-11-14 |
| CVE-2025-13177 | Bdtask/CodeCanyon SalesERP cross-site request forgery — SalesERP | 4.3 | Medium | 2025-11-14 |
| CVE-2025-59480 | Inadequate validation of SSO redirect credentials permits credential theft — Mattermost | 6.1 | Medium | 2025-11-13 |
| CVE-2025-13119 | Fabian Ros/SourceCodester Simple E-Banking System cross-site request forgery — Simple E-Banking System | 4.3 | Medium | 2025-11-13 |
| CVE-2025-64271 | WordPress WP Plugin Manager plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability — WP Plugin Manager | 4.3 | Medium | 2025-11-13 |
| CVE-2025-64262 | WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability — Auto Prune Posts | 6.5 | Medium | 2025-11-13 |
| CVE-2025-64482 | Tuleap missing CSRF protections in the File Release System — tuleap | 4.6 | Medium | 2025-11-12 |
| CVE-2025-64117 | Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags — tuleap | 4.6 | Medium | 2025-11-12 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.