CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-30565 | WordPress banner-manager plugin <= 16.04.19 - CSRF to Stored XSS vulnerability — banner-manager | 7.1 | High | 2025-03-24 |
| CVE-2025-30564 | WordPress Custom Script Integration plugin <= - 2.1 Cross Site Request Forgery (CSRF) Vulnerability — Custom Script Integration | 7.1 | High | 2025-03-24 |
| CVE-2025-30561 | WordPress CAS Maestro plugin <= 1.1.3 - CSRF to Stored XSS vulnerability — CAS Maestro | 7.1 | High | 2025-03-24 |
| CVE-2025-30560 | WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability — jQuery Dropdown Menu | 7.1 | High | 2025-03-24 |
| CVE-2025-30558 | WordPress ANAC XML Render plugin <= 1.5.7 - CSRF to Stored XSS vulnerability — ANAC XML Render | 7.1 | High | 2025-03-24 |
| CVE-2025-30557 | WordPress Easy 301 Redirects plugin <= 1.33 - Cross Site Request Forgery (CSRF) vulnerability — Easy 301 Redirects | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30556 | WordPress Fix Rss Feeds plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability — Fix Rss Feeds | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30555 | WordPress WordPres 同步微博 plugin <= 1.1.0 - CSRF to Stored XSS vulnerability — WordPres 同步微博 | 7.1 | High | 2025-03-24 |
| CVE-2025-30552 | WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability — WordPress Admin Bar Improved | 7.1 | High | 2025-03-24 |
| CVE-2025-30550 | WordPress CallPhone'r plugin <= 1.1.1 - CSRF to Stored XSS vulnerability — CallPhone'r | 7.1 | High | 2025-03-24 |
| CVE-2025-30549 | WordPress Yummly Rich Recipes plugin <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability — Yummly Rich Recipes | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30546 | WordPress Cackle plugin <= 4.33 - Cross Site Request Forgery (CSRF) vulnerability — Cackle | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30542 | WordPress WP SoundCloud Ultimate plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability — SoundCloud Ultimate | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30541 | WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability — Info Boxes Shortcode and Widget | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30538 | WordPress Simple Optimizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability — Simple Optimizer | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30535 | WordPress External image replace plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — External image replace | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30534 | WordPress Image Captcha plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — Image Captcha | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30531 | WordPress WP Ride Booking plugin <= 2.4 - Cross Site Request Forgery (CSRF) Vulnerability — WP Ride Booking | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30529 | WordPress Auto Load Next Post plugin <= 1.5.14 - Cross Site Request Forgery (CSRF) vulnerability — Auto Load Next Post | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30528 | WordPress Awesome Logos plugin <= 1.2 - CSRF to SQL Injection vulnerability — Awesome Logos | 9.3 | Critical | 2025-03-24 |
| CVE-2025-30526 | WordPress Typekit plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability — Typekit plugin for WordPress | 4.3 | Medium | 2025-03-24 |
| CVE-2025-30522 | WordPress Contact Form 7 Material Design plugin <= 1.0.0 - CSRF to Stored XSS vulnerability — Contact Form 7 Material Design | 7.1 | High | 2025-03-24 |
| CVE-2025-30521 | WordPress GP Back To Top plugin <= 3.0 - Cross Site Request Forgery (CSRF) vulnerability — GP Back To Top | 4.3 | Medium | 2025-03-24 |
| CVE-2024-13768 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion — CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts | 4.3 | Medium | 2025-03-22 |
| CVE-2025-0807 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update — CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts | 4.3 | Medium | 2025-03-22 |
| CVE-2024-8736 | Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui — parisneo/lollms-webui | 6.5 | - | 2025-03-20 |
| CVE-2024-7806 | Remote Code Execution by Non-Admin Users via CSRF in open-webui/open-webui — open-webui/open-webui | 8.8 | - | 2025-03-20 |
| CVE-2024-8026 | CSRF due to overly permissive CORS headers in netease-youdao/qanything — netease-youdao/qanything | 8.8 | - | 2025-03-20 |
| CVE-2024-9365 | Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon — polyaxon/polyaxon | 7.1 | - | 2025-03-20 |
| CVE-2024-10819 | CSRF to XSS in binary-husky/gpt_academic — binary-husky/gpt_academic | 8.8 | - | 2025-03-20 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.