CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4753

4753 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-24717	WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — Modal Window	5.4	Medium	2025-01-24
CVE-2025-24715	WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — Counter Box	5.4	Medium	2025-01-24
CVE-2025-24713	WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability — Button Generator – easily Button Builder	5.4	Medium	2025-01-24
CVE-2025-24720	WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability — Sticky Buttons	5.4	Medium	2025-01-24
CVE-2025-24696	WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerability — Attire Blocks	4.3	Medium	2025-01-24
CVE-2025-24712	WordPress Radius Blocks – WordPress Gutenberg Blocks Plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability — Radius Blocks	5.4	Medium	2025-01-24
CVE-2025-24698	WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability — Essential Real Estate	4.3	Medium	2025-01-24
CVE-2025-24711	WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability — Popup Box	5.4	Medium	2025-01-24
CVE-2025-24714	WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability — Bubble Menu – circle floating menu	5.4	Medium	2025-01-24
CVE-2025-24647	WordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerability — WooCommerce Cloak Affiliate Links	5.4	Medium	2025-01-24
CVE-2025-24623	WordPress Really Simple Security plugin <= 9.1.4 - Cross Site Request Forgery (CSRF) vulnerability — Really Simple SSL	4.3	Medium	2025-01-24
CVE-2025-24622	WordPress Job Board Manager plugin <= 2.1.59 - Cross Site Request Forgery (CSRF) vulnerability — Job Board Manager	5.4	Medium	2025-01-24
CVE-2025-24636	WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability — MachForm Shortcode	7.1	High	2025-01-24
CVE-2025-24562	WordPress KBucket plugin <= 4.1.6 - CSRF to Stored Cross-Site Scripting vulnerability — KBucket	7.1	High	2025-01-24
CVE-2025-24572	WordPress WP Fast Total Search plugin <= 1.78.258 - Cross Site Request Forgery (CSRF) vulnerability — WP Fast Total Search	6.5	Medium	2025-01-24
CVE-2025-24543	WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability — Ultimate Coming Soon & Maintenance	4.3	Medium	2025-01-24
CVE-2025-24546	WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability — Ultimate Coming Soon & Maintenance	5.4	Medium	2025-01-24
CVE-2025-24561	WordPress ReviewsTap plugin <= 1.1.2 - CSRF to Stored Cross-Site Scripting vulnerability — ReviewsTap	7.1	High	2025-01-24
CVE-2025-24555	WordPress Subscription DNA plugin <= 2.1 - CSRF to Stored XSS vulnerability — Subscription DNA	7.1	High	2025-01-24
CVE-2025-24568	WordPress Starter Templates plugin <= 4.4.9 - Cross Site Request Forgery (CSRF) vulnerability — Starter Templates	4.3	Medium	2025-01-24
CVE-2024-13683	Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update — Automate Hub Free by Sperse.IO	4.3	Medium	2025-01-24
CVE-2025-22768	WordPress Rocket Media Library Mime Type plugin <= 2.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — Rocket Media Library Mime Type	7.1	High	2025-01-23
CVE-2024-13511	Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset — Variation Swatches for WooCommerce	4.3	Medium	2025-01-23
CVE-2025-23803	WordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerability — Snippy	7.1	High	2025-01-22
CVE-2025-23806	WordPress Ultimate Subscribe Plugin <=1.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability — Ultimate Subscribe	6.1	-	2025-01-22
CVE-2025-23996	WordPress AnyRoad plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability — AnyRoad	4.3	Medium	2025-01-21
CVE-2024-53829	Cross-Site Request Forgery in CodeChecker API — CodeChecker	8.2	High	2025-01-21
CVE-2025-24001	WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability — PPO Call To Actions	7.1	High	2025-01-21
CVE-2024-13444	wp-greet <= 6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — wp-greet	6.1	Medium	2025-01-21
CVE-2024-12005	WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting — WP-BibTeX	6.1	Medium	2025-01-21

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4753 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4753