CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4753

4753 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-39657 | WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability — Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43116 | WordPress Simple Local Avatars plugin <= 2.7.10 - Cross Site Request Forgery (CSRF) vulnerability — Simple Local Avatars | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43117 | WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability — Hummingbird | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43265 | WordPress Analytify plugin <= 5.3.1 - CSRF Leading to Optout Vulnerability — Analytify | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43269 | WordPress Backup and Restore WordPress plugin <= 1.50 - Cross Site Request Forgery (CSRF) vulnerability — Backup and Restore WordPress | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43287 | WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability — Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43295 | WordPress WP Data Access plugin <= 5.5.7 - Cross Site Request Forgery (CSRF) vulnerability — WP Data Access | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43299 | WordPress SpeedyCache plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability — SpeedyCache | 5.4 | Medium | 2024-08-26 |
| CVE-2024-43301 | WordPress Fonts plugin <= 3.7.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability — Fonts | 7.1 | High | 2024-08-26 |
| CVE-2024-43316 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability — Stripe Payments For WooCommerce by Checkout | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43325 | WordPress Dark Mode for WP Dashboard plugin <= 1.2.3 - Cross Site Request Forgery vulnerability — Dark Mode for WP Dashboard | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43336 | WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability — WP User Manager | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43337 | WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability — Brave Popup Builder | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43340 | WordPress AFI – The Easiest Integration Plugin plugin <= 1.89.4 - Cross Site Request Forgery (CSRF) vulnerability — Advanced Form Integration | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43356 | WordPress oik plugin <= 4.12.0 - Arbitrary File Deletion vulnerability — oik | 4.3 | Medium | 2024-08-26 |
| CVE-2024-43339 | WordPress WordPress Webinar Plugin – WebinarPress plugin <= 1.33.20 - Cross Site Request Forgery (CSRF) vulnerability — WebinarPress | 5.4 | Medium | 2024-08-26 |
| CVE-2024-8120 | ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions — ImageRecycle pdf & image compression | 4.7 | Medium | 2024-08-24 |
| CVE-2024-7568 | Favicon Generator <= 1.5 - Cross-Site Request Forgery to Arbitrary File Deletion — Favicon Generator (CLOSED) | 9.6 | Critical | 2024-08-24 |
| CVE-2024-43787 | Hono CSRF middleware can be bypassed using crafted Content-Type header — hono | 5.0 | Medium | 2024-08-22 |
| CVE-2024-39744 | IBM Sterling Connect:Direct Web Services cross-site request forgery — Sterling Connect:Direct Web Services | 4.3 | Medium | 2024-08-22 |
| CVE-2024-40886 | One-click Client-Side Path Traversal Leading to CSRF in User Management admin page — Mattermost | 4.6 | Medium | 2024-08-22 |
| CVE-2024-20486 | Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability — Cisco Identity Services Engine Software | 6.5 | Medium | 2024-08-21 |
| CVE-2024-7647 | OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting — OTA Sync Booking Engine Widget | 6.1 | Medium | 2024-08-21 |
| CVE-2024-7850 | BP Profile Search <= 5.7.5 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — BP Profile Search | 6.1 | Medium | 2024-08-20 |
| CVE-2023-3408 | Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings — Bricks | 4.3 | Medium | 2024-08-17 |
| CVE-2023-3409 | Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings — Bricks | 5.4 | Medium | 2024-08-17 |
| CVE-2023-1604 | Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page — Short URL | 4.7 | Medium | 2024-08-17 |
| CVE-2024-7501 | Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery — Download Plugins and Themes in ZIP from Dashboard | 4.2 | Medium | 2024-08-16 |
| CVE-2024-7422 | Theme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings Update — Theme My Login | 4.3 | Medium | 2024-08-16 |
| CVE-2024-42476 | oauth CSRF vulnerability — oauth | 6.5 | Medium | 2024-08-15 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4753 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.