CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9311 | Cross-Site Request Forgery to XSS in haotian-liu/llava — haotian-liu/llava | 8.1 | - | 2025-03-20 |
| CVE-2025-1473 | CSRF in mlflow/mlflow — mlflow/mlflow | 8.8 | - | 2025-03-20 |
| CVE-2024-6841 | CSRF in vanna-ai/vanna — vanna-ai/vanna | 8.8 | - | 2025-03-20 |
| CVE-2024-10906 | Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt — eosphoros-ai/db-gpt | 8.8 | - | 2025-03-20 |
| CVE-2024-8065 | CSRF in danswer-ai/danswer — danswer-ai/danswer | 8.1 | - | 2025-03-20 |
| CVE-2024-7035 | Cross-Site Request Forgery (CSRF) in open-webui/open-webui — open-webui/open-webui | 8.1 | - | 2025-03-20 |
| CVE-2024-8489 | CSRF due to overly permissive CORS headers in modelscope/agentscope — modelscope/agentscope | 6.5 | - | 2025-03-20 |
| CVE-2024-9847 | Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress — flatpressblog/flatpress | 6.5 | - | 2025-03-20 |
| CVE-2024-7760 | CSRF in aimhubio/aim — aimhubio/aim | 8.8 | - | 2025-03-20 |
| CVE-2024-10481 | Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui — comfyanonymous/comfyui | 8.8 | - | 2025-03-20 |
| CVE-2025-1314 | Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function — Custom Twitter Feeds – A Tweets Widget or X Feed Widget | 4.3 | Medium | 2025-03-20 |
| CVE-2024-13933 | FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions — FoodBakery \| Delivery Restaurant Directory WordPress Theme | 8.8 | High | 2025-03-19 |
| CVE-2025-2420 | 猫宁i Morning cross-site request forgery — Morning | 4.3 | Medium | 2025-03-17 |
| CVE-2025-26899 | WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability — Recapture for WooCommerce | 6.5 | Medium | 2025-03-15 |
| CVE-2025-1530 | Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion — WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | 4.3 | Medium | 2025-03-15 |
| CVE-2024-13913 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion — InstaWP Connect – 1-click WP Staging & Migration | 8.8 | High | 2025-03-14 |
| CVE-2025-1764 | LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update — LoginPress \| wp-login Custom Login Page Customizer | 7.5 | High | 2025-03-14 |
| CVE-2025-27792 | Opal vulnerable to CSRF protection bypass — opal | 8.1 | - | 2025-03-11 |
| CVE-2025-28868 | WordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability — ZipList Recipe | 4.3 | Medium | 2025-03-11 |
| CVE-2025-28941 | WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability — Spam Byebye | 4.3 | Medium | 2025-03-11 |
| CVE-2025-28940 | WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability — Back To Top | 4.3 | Medium | 2025-03-11 |
| CVE-2025-28933 | WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability — MaxA/B | 7.1 | High | 2025-03-11 |
| CVE-2025-28932 | WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability — Insert Code | 7.1 | High | 2025-03-11 |
| CVE-2025-28931 | WordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerability — Hashtags | 7.1 | High | 2025-03-11 |
| CVE-2025-28927 | WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability — Display Template Name | 4.3 | Medium | 2025-03-11 |
| CVE-2025-28925 | WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — WATI Chat and Notification | 7.1 | High | 2025-03-11 |
| CVE-2025-28922 | WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability — Go To Top | 7.1 | High | 2025-03-11 |
| CVE-2025-28923 | WordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerability — No Disposable Email | 7.1 | High | 2025-03-11 |
| CVE-2025-28913 | WordPress WP Add Active Class To Menu Item plugin <=1.0 - Cross Site Request Forgery (CSRF) vulnerability — WP Add Active Class To Menu Item | 4.3 | Medium | 2025-03-11 |
| CVE-2025-28912 | WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability — Custom Dashboard Page | 4.3 | Medium | 2025-03-11 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.