CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-32477	WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability — WP-Easy Menu	7.1	High	2025-04-09
CVE-2025-32478	WordPress WP SexyLightBox plugin <= 0.5.3 - CSRF to Stored XSS vulnerability — WP SexyLightBox	7.1	High	2025-04-09
CVE-2025-32479	WordPress Flags Widget plugin <= 1.0.7 - CSRF to Stored XSS vulnerability — Flags Widget	7.1	High	2025-04-09
CVE-2025-32480	WordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerability — Windows Live Writer	7.1	High	2025-04-09
CVE-2025-32481	WordPress Nino Social Connect plugin <= 2.0 - CSRF to Stored XSS vulnerability — Nino Social Connect	7.1	High	2025-04-09
CVE-2025-32482	WordPress Custom Smilies plugin <= 1.2 - CSRF to Stored XSS vulnerability — Custom Smilies	7.1	High	2025-04-09
CVE-2025-32484	WordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerability — WP-Planification	7.1	High	2025-04-09
CVE-2025-32485	WordPress WP Performance Pack plugin <= 2.5.4 - Cross Site Request Forgery (CSRF) Vulnerability — WP Performance Pack	4.3	Medium	2025-04-09
CVE-2025-32494	WordPress reCAPTCHA Jetpack plugin <= 0.2.2 - Cross Site Request Forgery (CSRF) Vulnerability — reCAPTCHA Jetpack	4.3	Medium	2025-04-09
CVE-2025-32497	WordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerability — Spoiler Block	7.1	High	2025-04-09
CVE-2025-32496	WordPress Ultra Demo Importer plugin <= 1.0.5 - CSRF to RCE vulnerability — Ultra Demo Importer	9.6	Critical	2025-04-09
CVE-2025-32498	WordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerability — VKontakte Cross-Post	7.1	High	2025-04-09
CVE-2025-32500	WordPress Codescar Radio Widget plugin <= 0.4.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — Codescar Radio Widget	7.1	High	2025-04-09
CVE-2025-32501	WordPress RentSyst plugin <= 2.0.92 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — Rentsyst	7.1	High	2025-04-09
CVE-2025-32502	WordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerability — ePaper Lister for Yumpu	7.1	High	2025-04-09
CVE-2025-32518	WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability — ALD Login Page	7.1	High	2025-04-09
CVE-2025-32505	WordPress MultiMailer plugin <= 1.0.3 - CSRF to Stored XSS vulnerability — MultiMailer	7.1	High	2025-04-09
CVE-2025-32547	WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability — All push notification for WP	8.2	High	2025-04-09
CVE-2025-32555	WordPress SEO, Nutrition and Print for Recipes by Edamam plugin <= 3.3 - CSRF to Cross-Site Scripting vulnerability — SEO, Nutrition and Print for Recipes by Edamam	7.1	High	2025-04-09
CVE-2025-32559	WordPress REVE Chat plugin <= 6.4.4 - Cross Site Request Forgery (CSRF) vulnerability — REVE Chat	7.1	High	2025-04-09
CVE-2025-32556	WordPress Simple Post Meta Manager Plugin <= 1.0.9 - CSRF to Reflected Cross-Site Scripting vulnerability — Simple Post Meta Manager	7.1	High	2025-04-09
CVE-2025-32563	WordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerability — WP Calais Auto Tagger	7.1	High	2025-04-09
CVE-2025-32575	WordPress WP w3all phpBB Plugin <= 2.9.9 - CSRF to Stored XSS vulnerability — WP w3all phpBB	7.1	High	2025-04-09
CVE-2025-32576	WordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerability — WP shop	9.6	Critical	2025-04-09
CVE-2025-32584	WordPress Chat2 plugin <= 4.0 - CSRF to Stored XSS vulnerability — Chat2	7.1	High	2025-04-09
CVE-2025-32591	WordPress WP Abstracts Plugin <= 2.7.5 - CSRF to Stored XSS vulnerability — WP Abstracts	7.1	High	2025-04-09
CVE-2025-32597	WordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerability — WordPress Events Calendar Plugin – connectDaily	7.1	High	2025-04-09
CVE-2025-32610	WordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerability — Foliopress WYSIWYG	7.1	High	2025-04-09
CVE-2025-32612	WordPress User Session Synchronizer plugin <= 1.4.0 - CSRF to Stored XSS vulnerability — User Session Synchronizer	7.1	High	2025-04-09
CVE-2025-32616	WordPress Nimbata Call Tracking plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability — Nimbata Call Tracking	7.1	High	2025-04-09

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751