CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4753

4753 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-49672 | WordPress Google Docs RSVP plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — Google Docs RSVP | 7.1 | High | 2024-10-29 |
| CVE-2024-46872 | Client-Side Path Traversal Leading to CSRF in Playbooks — Mattermost | 4.6 | Medium | 2024-10-29 |
| CVE-2024-10448 | code-projects Blood Bank Management System delete.php cross-site request forgery — Blood Bank Management System | 4.3 | Medium | 2024-10-28 |
| CVE-2024-9598 | AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation — AMP for WP – Accelerated Mobile Pages | 8.8 | High | 2024-10-25 |
| CVE-2024-47879 | OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) — OpenRefine | 7.6 | High | 2024-10-24 |
| CVE-2024-9943 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates — MultiVendorX – WooCommerce Multivendor Marketplace Solutions | 6.3 | Medium | 2024-10-24 |
| CVE-2024-10045 | Transients Manager <= 2.0.6 - Cross-Site Request Forgery — Transients Manager | 4.3 | Medium | 2024-10-23 |
| CVE-2024-26273 | Liferay Portal and Liferay DXP security vulnerability — Portal | 8.8 | High | 2024-10-22 |
| CVE-2024-26272 | Liferay Portal and Liferay DXP security vulnerability — Portal | 8.8 | High | 2024-10-22 |
| CVE-2024-8980 | Liferay Portal security vulnerability — Portal | 9.6 | Critical | 2024-10-22 |
| CVE-2024-26271 | Liferay Portal and Liferay DXP security vulnerability — Portal | 8.8 | High | 2024-10-22 |
| CVE-2024-9588 | Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete — Category and Taxonomy Meta Fields | 5.4 | Medium | 2024-10-22 |
| CVE-2024-43945 | WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability — LatePoint | 6.5 | Medium | 2024-10-21 |
| CVE-2024-47634 | WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability — CartBounty – Save and recover abandoned carts for WooCommerce | 5.4 | Medium | 2024-10-20 |
| CVE-2024-49250 | WordPress Table of Contents Plus plugin <= 2408 - Cross Site Request Forgery (CSRF) vulnerability — Table of Contents Plus | 4.3 | Medium | 2024-10-20 |
| CVE-2024-49272 | WordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerability — Social Auto Poster | 4.3 | Medium | 2024-10-20 |
| CVE-2024-49274 | WordPress VOD Infomaniak plugin <= 1.5.7 - Cross Site Request Forgery (CSRF) vulnerability — VOD Infomaniak | 5.4 | Medium | 2024-10-20 |
| CVE-2024-49275 | WordPress IdeaPush plugin <= 8.69 - Cross Site Request Forgery (CSRF) vulnerability — IdeaPush | 4.3 | Medium | 2024-10-20 |
| CVE-2024-49290 | WordPress Cooked Pro plugin < 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability — Cooked Pro | 4.3 | Medium | 2024-10-20 |
| CVE-2024-49306 | WordPress WP Content Copy Protection & No Right Click plugin <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability — WP Content Copy Protection & No Right Click | 4.3 | Medium | 2024-10-20 |
| CVE-2024-49627 | WordPress WordPress Image SEO plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability — WordPress Image SEO | 4.3 | Medium | 2024-10-20 |
| CVE-2024-49628 | WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability — Most And Least Read Posts Widget | 4.3 | Medium | 2024-10-20 |
| CVE-2024-49335 | WordPress GoogleDrive folder list plugin <= 2.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — GoogleDrive folder list | 7.1 | High | 2024-10-20 |
| CVE-2024-49605 | WordPress Community Lite Video Chat plugin <= 2.2 - CSRF to Stored XSS vulnerability — AVChat Video Chat | 7.1 | High | 2024-10-20 |
| CVE-2024-49629 | WordPress Endless Posts Navigation plugin <= 2.2.7 - CSRF to Stored XSS vulnerability — Endless Posts Navigation | 7.1 | High | 2024-10-20 |
| CVE-2024-49615 | WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability — SafetyForms | 8.2 | High | 2024-10-20 |
| CVE-2024-49617 | WordPress Back Link Tracker plugin <= 1.0.0 - CSRF to SQL Injection vulnerability — Back Link Tracker | 8.2 | High | 2024-10-20 |
| CVE-2024-49621 | WordPress APA Register Newsletter Form plugin <= 1.0.0 - CSRF to SQL Injection vulnerability — APA Register Newsletter Form | 8.2 | High | 2024-10-20 |
| CVE-2024-49622 | WordPress Apa Banner Slider plugin <= 1.0.0 - CSRF to SQL Injection vulnerability — Apa Banner Slider | 8.2 | High | 2024-10-20 |
| CVE-2023-6243 | EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email — EventON (Pro) - WordPress Virtual Event Calendar Plugin | 4.3 | Medium | 2024-10-19 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4753 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.