CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-11640 | VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload — VikRentCar Car Rental Management System | 8.8 | High | 2025-03-08 |
| CVE-2024-13774 | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scripting via Wishlist Name — Wishlist for WooCommerce: Multi Wishlists Per Customer | 6.1 | Medium | 2025-03-08 |
| CVE-2024-12634 | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins | 6.1 | Medium | 2025-03-07 |
| CVE-2025-0748 | Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification — Homey | 4.3 | Medium | 2025-03-07 |
| CVE-2025-2042 | huang-yk student-manage cross-site request forgery — student-manage | 4.3 | Medium | 2025-03-06 |
| CVE-2025-1383 | Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function — Podlove Podcast Publisher | 4.3 | Medium | 2025-03-06 |
| CVE-2025-1463 | Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish — WPGSI: Spreadsheet Integration | 4.3 | Medium | 2025-03-05 |
| CVE-2025-0990 | I Am Gloria <= 1.1.4 - Cross-Site Request Forgery — I Am Gloria | 4.3 | Medium | 2025-03-05 |
| CVE-2025-1435 | bbPress <= 2.6.11 - Cross-Site Request Forgery to Limited Privilege Escalation — bbPress | 6.3 | Medium | 2025-03-05 |
| CVE-2025-27402 | Tuleap is missing CSRF protections on tracker fields administrative operations — tuleap | 4.6 | Medium | 2025-03-04 |
| CVE-2024-13682 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery — Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | 4.3 | Medium | 2025-03-04 |
| CVE-2025-1306 | Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload — Newscrunch | 8.8 | High | 2025-03-04 |
| CVE-2025-1891 | shishuocms cross-site request forgery — shishuocms | 4.3 | Medium | 2025-03-03 |
| CVE-2025-25137 | WordPress Social Links plugin <= 1.0.11 - Stored Cross-Site Scripting vulnerability — Social Links | 6.5 | Medium | 2025-03-03 |
| CVE-2025-25121 | WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability — Theme Options Z | 5.4 | High | 2025-03-03 |
| CVE-2025-23502 | WordPress Curated Search plugin <= 1.2 - CSRF to Stored XSS vulnerability — Curated Search | 7.1 | High | 2025-03-03 |
| CVE-2025-23446 | WordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — WP SpaceContent | 7.1 | High | 2025-03-03 |
| CVE-2025-1813 | zj1983 zz cross-site request forgery — zz | 4.3 | Medium | 2025-03-02 |
| CVE-2025-27579 | ESP-Miner cross-site request forgery vulnerability — ESP-MIner | 5.4 | Medium | 2025-03-02 |
| CVE-2024-13518 | Simple:Press <= 6.10.12 - Cross-Site Request Forgery to Unauthorized Post Editing — Simple:Press Forum | 4.3 | Medium | 2025-03-01 |
| CVE-2025-1506 | Wp Social Login and Register Social Counter <= 3.1.0 - Cross-Site Request Forgery to Settings Update — Wp Social Login and Register Social Counter | 4.3 | Medium | 2025-02-28 |
| CVE-2025-0801 | RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update — RateMyAgent Official | 4.3 | Medium | 2025-02-28 |
| CVE-2025-1687 | Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile — Car Dealer Automotive WordPress Theme – Responsive | 8.8 | High | 2025-02-27 |
| CVE-2025-1745 | LinZhaoguan pb-cms Logout cross-site request forgery — pb-cms | 4.3 | Medium | 2025-02-27 |
| CVE-2024-0392 | Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation — WSO2 Enterprise Integrator | 5.4 | Medium | 2025-02-27 |
| CVE-2024-13647 | School Management System – SakolaWP <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation — School Management System – SakolaWP | 4.3 | Medium | 2025-02-27 |
| CVE-2025-26925 | WordPress Admin Menu Manager plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability — Admin Menu Manager | 4.3 | Medium | 2025-02-26 |
| CVE-2024-13560 | Subscriptions & Memberships for PayPal <= 1.1.6 - Cross-Site Request Forgery to Arbitrary Post Deletion — Subscriptions & Memberships for PayPal | 4.3 | Medium | 2025-02-26 |
| CVE-2025-26963 | WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — ClickWhale | 5.4 | Medium | 2025-02-25 |
| CVE-2025-26931 | WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability — Tribulant Gallery Voting | 7.1 | High | 2025-02-25 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.