Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4750

4750 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-1785 Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions — Code Snippets 4.3 Medium2026-02-06
CVE-2020-37149 Edimax Technology EW-7438RPn-v3 Mini 1.27 - Cross-Site Request Forgery (CSRF) to Command Execution — EW-7438RPn Mini 8.1 High2026-02-05
CVE-2020-37145 HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin) — HRSALE 4.3 Medium2026-02-05
CVE-2020-37144 Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin) — Sysguard 6001 5.3 Medium2026-02-05
CVE-2020-37118 P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin) — FNIP-8x16A 3.5 Low2026-02-05
CVE-2024-40685 IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack — Operations Analytics - Log Analysis 4.3 Medium2026-02-04
CVE-2026-1835 lcg0124 BootDo cross-site request forgery — BootDo 4.3 Medium2026-02-04
CVE-2020-37096 Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering) — EW-7438RPn Mini 5.3 Medium2026-02-03
CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin) — Maian Support Helpdesk 5.3 Medium2026-02-03
CVE-2026-25151 Qwik City has a CSRF Protection Bypass via Content-Type Header Validation — qwik 5.9 Medium2026-02-03
CVE-2026-25155 [qwik-city] CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data) — qwik 5.9 Medium2026-02-03
CVE-2026-24434 Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions — Tenda AC7 6.5AIMediumAI2026-02-03
CVE-2026-24666 Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions — openeclass 6.5 Medium2026-02-03
CVE-2026-25024 WordPress ThirstyAffiliates plugin <= 3.11.9 - Cross Site Request Forgery (CSRF) vulnerability — ThirstyAffiliates 8.8AIHighAI2026-02-03
CVE-2026-25015 WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability — UsersWP 8.8AIHighAI2026-02-03
CVE-2026-25014 WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability — Enter Addons 8.8AIHighAI2026-02-03
CVE-2026-24986 WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability — Simple Membership WP user Import 8.8AIHighAI2026-02-03
CVE-2026-24966 WordPress Copyscape Premium plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability — Copyscape Premium 8.8AIHighAI2026-02-03
CVE-2026-24962 WordPress Sigmize plugin <= 0.0.9 - Cross Site Request Forgery (CSRF) vulnerability — Sigmize 8.8AIHighAI2026-02-03
CVE-2026-24942 WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability — WpEvently 8.8AIHighAI2026-02-03
CVE-2026-20704 ELECOM WRC-X1500GS-B和ELECOM WRC-X1500GSA-B 跨站请求伪造漏洞 — WRC-X1500GS-B 8.8AIHighAI2026-02-03
CVE-2026-1447 Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails 5.4 Medium2026-02-03
CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google) — PolarLearn 8.1AIHighAI2026-02-02
CVE-2026-24007 Tuleap is missing CSRF protection in the Overview inconsistent items — tuleap 4.6 Medium2026-02-02
CVE-2026-1745 SourceCodester Medical Certificate Generator App cross-site request forgery — Medical Certificate Generator App 4.3 Medium2026-02-02
CVE-2026-1165 Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change — Popup Box – Create Countdown, Coupon, Video, Contact Form Popups 4.3 Medium2026-01-31
CVE-2020-37054 Navigate CMS 2.8.7 - Cross-Site Request Forgery — Navigate CMS 4.3 Medium2026-01-30
CVE-2020-37046 Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery — Sistem Informasi Pengumuman Kelulusan Online 5.3 Medium2026-01-30
CVE-2020-37026 Sickbeard 0.1 - Cross-Site Request Forgery — Sickbeard 5.3 Medium2026-01-30
CVE-2025-15550 birkir prime <= 0.4.0.beta.0 - Cross-Site Request Forgery in GraphQL — prime 5.3 Medium2026-01-29

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4750 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.