
CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12202 | ajayrandhawa User-Management-PHP-MYSQL web cross-site request forgery — User-Management-PHP-MYSQL web | 4.3 | Medium | 2025-10-27 |
| CVE-2025-11976 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation — FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) | 4.3 | Medium | 2025-10-25 |
| CVE-2025-12095 | Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval — Simple Registration for WooCommerce | 8.8 | High | 2025-10-25 |
| CVE-2025-12028 | IndieAuth <= 4.5.4 - Cross-Site Request Forgery to Account Takeover via Stolen OAuth Tokens — IndieAuth | 8.8 | High | 2025-10-24 |
| CVE-2025-12072 | Disable Content Editor For Specific Template <= 2.0 - Cross-Site Request Forgery to Template Configuration Update — Disable Content Editor For Specific Template | 4.3 | Medium | 2025-10-24 |
| CVE-2025-62061 | WordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerability — Product Catalog Simple | 4.3 | Medium | 2025-10-22 |
| CVE-2025-62009 | WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability — UPC/EAN/GTIN Code Generator | 4.3 | Medium | 2025-10-22 |
| CVE-2025-62005 | WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerability — SUMO Memberships for WooCommerce | 7.1 | High | 2025-10-22 |
| CVE-2025-60208 | WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability — Advanced Custom Fields : CPT Options Pages | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-60168 | WordPress HotelRunner Booking Widget Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability — HotelRunner Booking Widget | 6.1 (AI) | Medium (AI) | 2025-10-22 |
| CVE-2025-60132 | WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability — Video Blogster Lite | 7.1 | High | 2025-10-22 |
| CVE-2025-60134 | WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability — WP Media Categories | 4.3 | Medium | 2025-10-22 |
| CVE-2025-49373 | WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability — Evergreen Content Poster | 4.3 | Medium | 2025-10-22 |
| CVE-2025-48099 | WordPress Search & Filter plugin <= 1.2.17 - Cross Site Request Forgery (CSRF) to Open Redirect vulnerability — Search & Filter | 8.8 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-10588 | PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification — PixelYourSite – Your smart PIXEL (TAG) & API Manager | 4.3 | Medium | 2025-10-22 |
| CVE-2025-62771 | Mercku M6a Cross-Site Request Forgery Vulnerability — M6a | 7.5 | High | 2025-10-22 |
| CVE-2025-47410 | Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system — Apache Geode | 8.8 (AI) | High (AI) | 2025-10-18 |
| CVE-2025-9890 | Theme Editor <= 3.0 - Cross-Site Request Forgery to Remote Code Execution — Theme Editor | 8.8 | High | 2025-10-18 |
| CVE-2025-41254 | Spring Framework STOMP CSRF Vulnerability — Spring Framework | 4.3 | Medium | 2025-10-16 |
| CVE-2025-10700 | Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update — Ally – Web Accessibility & Usability | 4.3 | Medium | 2025-10-16 |
| CVE-2025-10312 | Theme Importer <= 1.0 - Cross-Site Request Forgery — Theme Importer | 4.3 | Medium | 2025-10-15 |
| CVE-2025-10300 | TopBar <= 1.0.0 - Cross-Site Request Forgery to Settings Update — TopBar | 4.3 | Medium | 2025-10-15 |
| CVE-2025-10301 | FunKItools <= 1.0.2 - Cross-Site Request Forgery to Settings Update — FunKItools | 4.3 | Medium | 2025-10-15 |
| CVE-2025-59428 | EspoCRM allows arbitrary user creation via stored SVG injection and CSRF — espocrm | 5.4 | Medium | 2025-10-14 |
| CVE-2025-7330 | Rockwell Automation 1783-NATR Cross-Site Request Forgery Vulnerability — Comms - 1783-NATR | 7.1 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-42908 | Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP | 5.4 | Medium | 2025-10-14 |
| CVE-2025-10376 | Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery — Course Redirects for Learndash Plugin | 4.3 | Medium | 2025-10-11 |
| CVE-2025-10375 | Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery — Web Accessibility by accessiBe | 4.3 | Medium | 2025-10-11 |
| CVE-2025-8606 | GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation — GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time | 2.4 | Low | 2025-10-11 |
| CVE-2025-9626 | Page Blocks <= 1.1.0 - Cross-Site Request Forgery — Page Blocks | 4.3 | Medium | 2025-10-11 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.