CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-53268	WordPress Import external attachments plugin <= 1.5.12 - Cross Site Request Forgery (CSRF) Vulnerability — Import external attachments	4.3	Medium	2025-06-27
CVE-2025-53267	WordPress Hide Admin Bar From Front End plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability — Hide Admin Bar From Front End	4.3	Medium	2025-06-27
CVE-2025-53265	WordPress Virusdie plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability — Virusdie	5.4	Medium	2025-06-27
CVE-2025-53264	WordPress ONet Regenerate Thumbnails plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability — ONet Regenerate Thumbnails	4.3	Medium	2025-06-27
CVE-2025-53262	WordPress Writesonic plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability — Writesonic	5.4	Medium	2025-06-27
CVE-2025-53263	WordPress Address Autocomplete via Google for Gravity Forms plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability — Address Autocomplete via Google for Gravity Forms	5.4	Medium	2025-06-27
CVE-2025-53261	WordPress WP YouTube Live plugin <= 1.10.0 - Cross Site Request Forgery (CSRF) vulnerability — WP YouTube Live	4.3	Medium	2025-06-27
CVE-2025-53254	WordPress Cyrlitera plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability — Cyrlitera	4.3	Medium	2025-06-27
CVE-2025-53203	WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability — WooCommerce PDF Invoice Builder	4.3	Medium	2025-06-27
CVE-2025-53197	WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability — Cookiebot	4.3	Medium	2025-06-27
CVE-2025-53193	WordPress Burst Statistics plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability — Burst Statistics	4.3	Medium	2025-06-27
CVE-2025-32281	WordPress DarkMySite plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerability — DarkMySite	4.3	Medium	2025-06-27
CVE-2025-5936	VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync — VR Calendar	4.3	Medium	2025-06-27
CVE-2025-48921	Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079 — Open Social	8.8^AI	High^AI	2025-06-26
CVE-2025-48497	iroha Board 跨站请求伪造漏洞 — iroha Board	7.1^AI	High^AI	2025-06-26
CVE-2025-5932	Homerunner <= 1.0.30 - Cross-Site Request Forgery to Settings Update — Homerunner	4.3	Medium	2025-06-26
CVE-2025-6664	CodeAstro Patient Record Management System cross-site request forgery — Patient Record Management System	4.3	Medium	2025-06-25
CVE-2025-50179	Tuleap missing CSRF protection on tracker reports manipulation — tuleap	4.6	Medium	2025-06-25
CVE-2025-48991	Tuleap missing CSRF protection on tracker canned responses administration — tuleap	4.6	Medium	2025-06-25
CVE-2025-6478	CodeAstro Expense Management System cross-site request forgery — Expense Management System	4.3	Medium	2025-06-22
CVE-2025-6476	SourceCodester Gym Management System cross-site request forgery — Gym Management System	4.3	Medium	2025-06-22
CVE-2024-4994	Cross-Site Request Forgery (CSRF) in GitLab — GitLab	8.1	High	2025-06-20
CVE-2025-49965	WordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability — PixelBeds Channel Manager and Hotel Booking Engine	4.3	Medium	2025-06-20
CVE-2025-49964	WordPress ClipLink plugin <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability — ClipLink	4.3	Medium	2025-06-20
CVE-2025-49966	WordPress Oganro Travel Portal Search Widget for HotelBeds APITUDE API plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability — Oganro Travel Portal Search Widget for HotelBeds APITUDE API	4.3	Medium	2025-06-20
CVE-2025-49967	WordPress Live Sports Streamthunder plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability — Live Sports Streamthunder	4.3	Medium	2025-06-20
CVE-2025-49968	WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability — XML Travel Portal Widget	4.3	Medium	2025-06-20
CVE-2025-49972	WordPress TM Replace Howdy plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) Vulnerability — TM Replace Howdy	4.3	Medium	2025-06-20
CVE-2025-49975	WordPress JobWP plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) Vulnerability — JobWP	4.3	Medium	2025-06-20
CVE-2025-49977	WordPress WP Inventory Manager plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) vulnerability — WP Inventory Manager	4.3	Medium	2025-06-20

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751