CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4753

4753 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-37458	WordPress Highlight theme <= 1.0.29 - Cross Site Request Forgery (CSRF) vulnerability — Highlight	4.3	Medium	2025-01-02
CVE-2024-37467	WordPress Hestia theme <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability — Hestia	4.3	Medium	2025-01-02
CVE-2024-37451	WordPress Travel Agency theme <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability — Travel Agency	4.3	Medium	2025-01-02
CVE-2024-37450	WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability — Benevolent	4.3	Medium	2025-01-02
CVE-2024-37448	WordPress OnePress theme <= 2.3.6 - Cross Site Request Forgery (CSRF) vulnerability — OnePress	4.3	Medium	2025-01-02
CVE-2024-37441	WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability — NewsMash	4.3	Medium	2025-01-02
CVE-2024-37435	WordPress Perfect Portfolio theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability — Perfect Portfolio	4.3	Medium	2025-01-02
CVE-2024-37431	WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability — Mesmerize	4.3	Medium	2025-01-02
CVE-2024-37426	WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability — Elegant Pink	4.3	Medium	2025-01-02
CVE-2024-37421	WordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability — JobScout	4.3	Medium	2025-01-02
CVE-2024-37417	WordPress Coachify theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability — Coachify	4.3	Medium	2025-01-02
CVE-2024-37413	WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability — Preschool and Kindergarten	4.3	Medium	2025-01-02
CVE-2024-37412	WordPress Blossom Shop theme <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability — Blossom Shop	4.3	Medium	2025-01-02
CVE-2024-37274	WordPress WP Mobile Menu plugin <= 2.8.4.3 - Cross Site Request Forgery (CSRF) vulnerability — WP Mobile Menu	4.3	Medium	2025-01-02
CVE-2024-37272	WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability — Travel Monster	4.3	Medium	2025-01-02
CVE-2024-37243	WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability — Vandana Lite	4.3	Medium	2025-01-02
CVE-2024-37242	WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability — Newspack Newsletters	4.3	Medium	2025-01-02
CVE-2024-37240	WordPress Falang multilanguage for WordPress plugin <= 1.3.51 - Cross Site Request Forgery (CSRF) vulnerability — Falang multilanguage	4.3	Medium	2025-01-02
CVE-2024-37238	WordPress WPAdverts plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability — WPAdverts	4.3	Medium	2025-01-02
CVE-2024-37236	WordPress Loco Translate plugin <= 2.6.9 - Cross Site Request Forgery (CSRF) vulnerability — Loco Translate	4.3	Medium	2025-01-02
CVE-2024-37235	WordPress Groundhogg plugin <= 3.4.2.3 - Cross Site Request Forgery (CSRF) vulnerability — Groundhogg	4.3	Medium	2025-01-02
CVE-2024-37104	WordPress Chic Lite theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability — Chic Lite	4.3	Medium	2025-01-02
CVE-2024-37103	WordPress Education Zone theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability — Education Zone	4.3	Medium	2025-01-02
CVE-2024-37093	WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability — MasterStudy LMS	4.3	Medium	2025-01-02
CVE-2024-37102	WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability — Vilva	4.3	Medium	2025-01-02
CVE-2024-56207	WordPress EditionGuard for WooCommerce – eBook Sales with DRM plugin <= 3.4.2 - CSRF to Privilege Escalation vulnerability — EditionGuard for WooCommerce – eBook Sales with DRM	8.8	High	2024-12-31
CVE-2024-56206	WordPress gap-hub-user-role. plugin <= 3.4.1 - CSRF to Broken Authentication vulnerability — gap-hub-user-role	8.8	High	2024-12-31
CVE-2024-56204	WordPress Sinking Dropdowns plugin <= 1.25 - CSRF to Privilege Escalation vulnerability — Sinking Dropdowns	8.8	High	2024-12-31
CVE-2024-56203	WordPress Wayne Audio Player plugin <= 1.0 - CSRF to Privilege Escalation vulnerability — Wayne Audio Player	8.8	High	2024-12-31
CVE-2024-56218	WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability — Contact Form 7 – Dynamic Text Extension	4.3	Medium	2024-12-31

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4753 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4753