CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-48342	WordPress Dynamic Pricing & Discounts Lite for WooCommerce plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) vulnerability — Dynamic Pricing & Discounts Lite for WooCommerce	5.4	Medium	2025-05-19
CVE-2025-48285	WordPress Falang multilanguage plugin <= 1.3.61 - Cross Site Request Forgery (CSRF) Vulnerability — Falang multilanguage	4.3	Medium	2025-05-19
CVE-2025-48284	WordPress Japanized For WooCommerce plugin <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability — Japanized For WooCommerce	5.4	Medium	2025-05-19
CVE-2025-48265	WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — Year Make Model Search for WooCommerce	4.3	Medium	2025-05-19
CVE-2025-48264	WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability — Product Code for WooCommerce	4.3	Medium	2025-05-19
CVE-2025-48259	WordPress WP Mapa Politico España plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — WP Mapa Politico España	4.3	Medium	2025-05-19
CVE-2025-48255	WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP plugin <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulnerability — Broadcast Live Video	4.3	Medium	2025-05-19
CVE-2025-48243	WordPress reCAPTCHA for all plugin <= 2.26 - Cross Site Request Forgery (CSRF) Vulnerability — reCAPTCHA for all	4.3	Medium	2025-05-19
CVE-2025-48238	WordPress AWcode Toolkit plugin <= 1.0.18 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — AWcode Toolkit	7.1	High	2025-05-19
CVE-2025-48233	WordPress Affiliates Manager Google reCAPTCHA Integration plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — Affiliates Manager Google reCAPTCHA Integration	7.1	High	2025-05-19
CVE-2025-4887	SourceCodester Online Student Clearance System cross-site request forgery — Online Student Clearance System	4.3	Medium	2025-05-18
CVE-2025-4194	AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — AlT Monitoring	6.1	Medium	2025-05-17
CVE-2025-4189	Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Audio Comments Plugin	6.1	Medium	2025-05-17
CVE-2025-31068	WordPress Seven Stars theme <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability — Seven Stars	4.3	Medium	2025-05-16
CVE-2025-31639	WordPress Spare theme <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability — Spare	4.3	Medium	2025-05-16
CVE-2025-31915	WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability — Pixel WordPress Form BuilderPlugin & Autoresponder	5.4	Medium	2025-05-16
CVE-2025-31921	WordPress WP Ultimate Tours Builder plugin <= 1.055 - Cross Site Request Forgery (CSRF) Vulnerability — WP Ultimate Tours Builder	4.3	Medium	2025-05-16
CVE-2025-31922	WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability — CSS3 Accordions for WordPress	7.1	High	2025-05-16
CVE-2025-32245	WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — Featured Posts Scroll	7.1	Medium	2025-05-16
CVE-2025-32310	WordPress QuickCal plugin <= 1.0.15 - CSRF to Privilege Escalation vulnerability — QuickCal - Appointment Booking Calendar for WordPress	8.8	High	2025-05-16
CVE-2025-48146	WordPress SEO Flow by LupsOnline plugin <= 2.2.1 - CSRF to Stored XSS vulnerability — SEO Flow by LupsOnline	7.1	High	2025-05-16
CVE-2025-48144	WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability — Import Export For WooCommerce	7.1	High	2025-05-16
CVE-2025-48115	WordPress ValidateCertify plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability — ValidateCertify	4.3	Medium	2025-05-16
CVE-2025-48114	WordPress ShayanWeb Admin FontChanger plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — ShayanWeb Admin FontChanger	7.1	High	2025-05-16
CVE-2025-32922	WordPress WP2LEADS plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability — WP2LEADS	7.1	High	2025-05-15
CVE-2025-47708	Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054 — Enterprise MFA - TFA for Drupal	8.8^AI	High^AI	2025-05-14
CVE-2025-47701	Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047 — Restrict route by IP	8.8^AI	High^AI	2025-05-14
CVE-2025-46721	nosurf vulnerable to CSRF due to non-functional same-origin request checks — nosurf	8.1^AI	High^AI	2025-05-13
CVE-2025-46743	Cross-Site Request Forgery — SEL Blueframe OS	6.3	Medium	2025-05-12
CVE-2025-4375	Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA — Pro Cloud Server	8.1^AI	High^AI	2025-05-09

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751