CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-25145	WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability — Infusionsoft Analytics	5.4	Medium	2025-02-07
CVE-2025-25126	WordPress ZMSEO plugin <= 1.14.1 - CSRF to Stored XSS vulnerability — ZMSEO	7.1	High	2025-02-07
CVE-2025-25128	WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability — Facilita Form Tracker	7.1	High	2025-02-07
CVE-2025-25146	WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability — Songkick Concerts and Festivals	4.3	Medium	2025-02-07
CVE-2025-25123	WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability — Easy Related Posts	7.1	High	2025-02-07
CVE-2025-25125	WordPress Fyrebox Quizzes plugin <= 3.1 - CSRF to Stored XSS vulnerability — Fyrebox Quizzes	7.1	High	2025-02-07
CVE-2025-25103	WordPress Indeed API Plugin <= 0.5 - CSRF to Settings Change vulnerability — Indeed API	4.3	Medium	2025-02-07
CVE-2025-25101	WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability — Munk Sites	9.6	Critical	2025-02-07
CVE-2025-25107	WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability — OneStore Sites	9.6	Critical	2025-02-07
CVE-2025-25106	WordPress Starter Templates by FancyWP plugin <= 2.0.0 - CSRF to Arbitrary Plugin Installation vulnerability — Starter Templates by FancyWP	9.6	Critical	2025-02-07
CVE-2025-25088	WordPress WP Keyword Monitor Plugin <=1.0.5 - CSRF to Stored XSS vulnerability — WP Keyword Monitor	7.1	High	2025-02-07
CVE-2025-25111	WordPress WP Spell Check plugin <= 9.21 - Cross Site Request Forgery (CSRF) vulnerability — WP Spell Check	5.4	Medium	2025-02-07
CVE-2025-25104	WordPress URL-Preview-Box plugin <= 1.20 - CSRF to Stored XSS vulnerability — URL-Preview-Box	7.1	High	2025-02-07
CVE-2025-25093	WordPress Child Themes Helper plugin <= 2.2.7 - CSRF to Arbitrary File Deletion vulnerability — Child Themes Helper	6.1	Medium	2025-02-07
CVE-2025-25071	WordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerability — Vignette Ads	7.1	High	2025-02-07
CVE-2025-25075	WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability — Show notice or message on admin area	7.1	High	2025-02-07
CVE-2025-25074	WordPress WP Social Stream plugin <= 1.1 - CSRF to Stored XSS vulnerability — WP Social Stream	7.1	High	2025-02-07
CVE-2025-25072	WordPress WP Admin Custom Page plugin <= 1.5.0 - CSRF to Stored XSS vulnerability — WP Admin Custom Page	7.1	High	2025-02-07
CVE-2025-1084	Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery — xzs-mysql 学之思开源考试系统	4.3	Medium	2025-02-06
CVE-2025-1074	Webkul QloApps URL mylogout cross-site request forgery — QloApps	4.3	Medium	2025-02-06
CVE-2024-49795	IBM ApplinX Cross-Site Request Forgery — ApplinX	4.3	Medium	2025-02-05
CVE-2024-49794	IBM ApplinX Cross-Site Request Forgery — ApplinX	4.3	Medium	2025-02-05
CVE-2024-35138	IBM Security Verify Access cross-site request forgery — Security Verify Access Appliance	6.5	Medium	2025-02-04
CVE-2024-13510	ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting — ShopSite	6.1	Medium	2025-02-04
CVE-2024-13356	DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion — DSGVO All in one for WP	6.5	Medium	2025-02-04
CVE-2025-24982	WordPress plugin Activity Log WinterLock 跨站请求伪造漏洞 — Activity Log WinterLock	4.3	-	2025-02-04
CVE-2025-22703	WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — Forge – Front-End Page Builder	7.1	High	2025-02-03
CVE-2025-22688	WordPress Unlimited Page Sidebars plugin <= 0.2.6 - CSRF to Stored XSS vulnerability — Unlimited Page Sidebars	7.1	High	2025-02-03
CVE-2025-22685	WordPress Tags to Keywords plugin <= 1.0.1 - CSRF to Stored XSS vulnerability — Tags to Keywords	7.1	High	2025-02-03
CVE-2025-22690	WordPress DigiTimber cPanel Integration plugin <= 1.4.6 - CSRF to Stored XSS vulnerability — DigiTimber cPanel Integration	7.1	High	2025-02-03

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751