Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-54673 WordPress Chartify plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability — Chartify 4.3 Medium2025-08-14
CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability — Product Configurator for WooCommerce 5.4 Medium2025-08-14
CVE-2025-54672 WordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) Vulnerability — Photo Engine 4.3 Medium2025-08-14
CVE-2025-54671 WordPress oik plugin <= 4.15.2 - Cross Site Request Forgery (CSRF) vulnerability — oik 4.3 Medium2025-08-14
CVE-2025-49044 WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — Simple Poll 7.1 High2025-08-14
CVE-2025-8491 Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload — Easy restaurant menu manager 4.3 Medium2025-08-13
CVE-2025-8891 OceanWP <= 4.0.9 - 4.1.1 - Cross-Site Request Forgery to Ocean Extra Plugin Installation — OceanWP 4.3 Medium2025-08-13
CVE-2025-49555 Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) — Adobe Commerce 8.1 High2025-08-12
CVE-2025-8814 atjiu pybbs CookieUtil.java setCookie cross-site request forgery — pybbs 4.3 Medium2025-08-10
CVE-2025-8739 zhenfeng13 My-Blog save cross-site request forgery — My-Blog 4.3 Medium2025-08-08
CVE-2025-7202 Cross-Site Request Forgery (CSRF) allowed remote control of Elgato Key Lights — Key Light 4.3AIMediumAI2025-08-06
CVE-2025-5988 Aap-gateway: csrf origin checking is disabled 5.3 Medium2025-08-04
CVE-2025-8505 495300897 wx-shop cross-site request forgery — wx-shop 4.3 Medium2025-08-03
CVE-2025-8335 code-projects Simple Car Rental System cross-site request forgery — Simple Car Rental System 4.3 Medium2025-07-30
CVE-2025-54536 JetBrains TeamCity 跨站请求伪造漏洞 — TeamCity 5.4 Medium2025-07-28
CVE-2025-54529 JetBrains TeamCity 跨站请求伪造漏洞 — TeamCity 3.7 Low2025-07-28
CVE-2025-54528 JetBrains TeamCity 跨站请求伪造漏洞 — TeamCity 5.4 Medium2025-07-28
CVE-2025-8223 jerryshensjf JPACookieShop 蛋糕商城JPA版 AdminTypeCustController.java cross-site request forgery — JPACookieShop 蛋糕商城JPA版 4.3 Medium2025-07-27
CVE-2025-8104 Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function — Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions 4.3 Medium2025-07-27
CVE-2025-8103 WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function — WPeMatico RSS Feed Fetcher 4.3 Medium2025-07-26
CVE-2025-36728 SimpleHelp Cross Site Request Forgery — Simplehelp 6.3 Medium2025-07-25
CVE-2025-7835 iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update — iThoughts Advanced Code Editor 4.3 Medium2025-07-24
CVE-2025-7690 Affiliate Plus <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Affiliate Plus 6.1 Medium2025-07-24
CVE-2025-6214 Omnishop <= 1.0.9 - Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST Endpoint — Omnishop – Mobile shop apps complementing your WooCommerce webshop 6.5 Medium2025-07-23
CVE-2025-6054 YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — YANewsflash 6.1 Medium2025-07-23
CVE-2025-7685 Like & Share My Site <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Like & Share My Site 6.1 Medium2025-07-22
CVE-2025-7687 Latest Post Accordian Slider <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Latest Post Accordian Slider 6.1 Medium2025-07-22
CVE-2025-7369 Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution — WP Shortcodes Plugin — Shortcodes Ultimate 6.1 Medium2025-07-21
CVE-2025-7834 PHPGurukul Complaint Management System cross-site request forgery — Complaint Management System 4.3 Medium2025-07-19
CVE-2025-7669 Avishi WP PayPal Payment Button <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Avishi WP PayPal Payment Button 6.1 Medium2025-07-19

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.