CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-47491 | WordPress Contact Form Widget plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) Vulnerability — Contact Form Widget | 7.4 | High | 2025-05-07 |
| CVE-2025-47473 | WordPress PW WooCommerce Bulk Edit plugin <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability — PW WooCommerce Bulk Edit | 5.4 | Medium | 2025-05-07 |
| CVE-2025-47470 | WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability — GPT3 AI Content Writer | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47468 | WordPress Hash Form plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability — Hash Form | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47466 | WordPress Ultimate WP Mail plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability — Ultimate WP Mail | 5.4 | Medium | 2025-05-07 |
| CVE-2025-47462 | WordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerability — Challan | 8.8 | High | 2025-05-07 |
| CVE-2025-47459 | WordPress WP Fundraising Donation and Crowdfunding Platform plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability — FundEngine | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47451 | WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — Product Quantity Dropdown For Woocommerce | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47448 | WordPress WP Hotel Booking plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability — WP Hotel Booking | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47446 | WordPress Listamester plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability — Listamester | 4.3 | Medium | 2025-05-07 |
| CVE-2025-47447 | WordPress Cool Author Box plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability — Cool Author Box | 4.3 | Medium | 2025-05-07 |
| CVE-2025-0669 | BOINC Server Cross-Site Request Forgery — BOINC Server | 8.8 (AI) | High (AI) | 2025-05-07 |
| CVE-2025-4327 | MRCMS cross-site request forgery — MRCMS | 4.3 | Medium | 2025-05-06 |
| CVE-2025-4337 | AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion — AHAthat Plugin | 4.3 | Medium | 2025-05-06 |
| CVE-2025-4282 | SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery — Stock Management System | 4.3 | Medium | 2025-05-05 |
| CVE-2025-4198 | Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Alink Tap | 6.1 | Medium | 2025-05-03 |
| CVE-2025-4199 | Abundatrade Plugin <= 1.8.02 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Abundatrade Plugin | 6.1 | Medium | 2025-05-03 |
| CVE-2025-4188 | Advanced Reorder Image Text Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Advanced Reorder Image Text Slider | 6.1 | Medium | 2025-05-03 |
| CVE-2024-11142 | CSRF in Gosoft Software's Proticaret E-Commerce — Proticaret E-Commerce | 8.8 | High | 2025-05-02 |
| CVE-2025-2168 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update — Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | 4.3 | Medium | 2025-05-01 |
| CVE-2025-1305 | NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation — NewsBlogger | 8.8 | High | 2025-05-01 |
| CVE-2025-3997 | dazhouda lecms Personal Information Page index.php cross-site request forgery — lecms | 4.3 | Medium | 2025-04-28 |
| CVE-2025-3979 | dazhouda lecms Password Change index.php cross-site request forgery — lecms | 4.3 | Medium | 2025-04-27 |
| CVE-2025-3964 | withstars Books-Management-System Article del cross-site request forgery — Books-Management-System | 4.3 | Medium | 2025-04-27 |
| CVE-2025-3959 | withstars Books-Management-System reader_delete.html cross-site request forgery — Books-Management-System | 4.3 | Medium | 2025-04-27 |
| CVE-2025-3638 | Moodle: csrf risk in brickfield tool's analysis request action | 8.8 | - | 2025-04-25 |
| CVE-2025-3635 | Moodle: csrf risk in moodle user tours manager allows tour duplication | 3.5 | Low | 2025-04-25 |
| CVE-2025-46547 | Sherpa Orchestrator cross-site request forgery vulnerability — Orchestrator | 5.4 | Medium | 2025-04-25 |
| CVE-2025-46498 | WordPress Zalo Official Live Chat plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability — Zalo Official Live Chat | 5.4 | Medium | 2025-04-24 |
| CVE-2025-46507 | WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — Unsafe Mimetypes | 7.1 | High | 2025-04-24 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.