CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751

4751 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-15550	birkir prime <= 0.4.0.beta.0 - Cross-Site Request Forgery in GraphQL — prime	5.3	Medium	2026-01-29
CVE-2020-37007	Liman 0.7 - Cross-Site Request Forgery (Change Password) — Liman	5.3	Medium	2026-01-29
CVE-2025-14472	Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125 — Acquia Content Hub	8.8^AI	High^AI	2026-01-28
CVE-2025-13982	Login Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120 — Login Time Restriction	8.8^AI	High^AI	2026-01-28
CVE-2025-14795	Stop Spammers Classic <= 2026.1 - Cross-Site Request Forgery via Email Allowlist — Stop Spammers Classic	4.3	Medium	2026-01-28
CVE-2025-59901	authenticated reflected XSS vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	5.4^AI	Medium^AI	2026-01-28
CVE-2025-59894	Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	8.0^AI	High^AI	2026-01-28
CVE-2025-59893	Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	8.0^AI	High^AI	2026-01-28
CVE-2025-59892	Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	8.0^AI	High^AI	2026-01-28
CVE-2025-59891	Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	8.8^AI	High^AI	2026-01-28
CVE-2025-14616	Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update — Recooty – Job Widget (Old Dashboard)	4.3	Medium	2026-01-28
CVE-2026-1398	Change WP URL <= 1.0 - Cross-Site Request Forgery to Settings Update — Change WP URL	4.3	Medium	2026-01-28
CVE-2026-1380	Bitcoin Donate Button <= 1.0 - Cross-Site Request Forgery to Settings Update — Bitcoin Donate Button	4.3	Medium	2026-01-28
CVE-2026-1377	imwptip <= 1.1 - Cross-Site Request Forgery to Settings Update — imwptip	4.3	Medium	2026-01-28
CVE-2026-24408	sigstore has CSRF possibility in OIDC authentication during signing — sigstore-python	-	-	2026-01-26
CVE-2026-24432	Tenda W30E V2 Missing CSRF Protections for Administrative Actions — W30E V2	8.8^AI	High^AI	2026-01-26
CVE-2025-13205	SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Cloning — SurveyJS: Drag & Drop Form Builder	4.3	Medium	2026-01-24
CVE-2025-13194	SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming — SurveyJS: Drag & Drop Form Builder	4.3	Medium	2026-01-24
CVE-2026-1208	Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update — Friendly Functions for Welcart	4.3	Medium	2026-01-24
CVE-2025-13139	SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation — SurveyJS: Drag & Drop Form Builder	4.3	Medium	2026-01-24
CVE-2025-14630	AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery to Settings Update — AdminQuickbar	4.3	Medium	2026-01-24
CVE-2025-14907	Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update — Moderate Selected Posts	4.3	Medium	2026-01-24
CVE-2026-1088	Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update — Login Page Editor	4.3	Medium	2026-01-24
CVE-2026-1081	Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update — Set Bulk Post Categories	4.3	Medium	2026-01-24
CVE-2026-1075	ZT Captcha <= 1.0.4 - Cross-Site Request Forgery to Settings Update — ZT Captcha	4.3	Medium	2026-01-24
CVE-2026-1076	Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update — Star Review Manager	4.3	Medium	2026-01-24
CVE-2025-14906	WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update — WP Youtube Video Gallery	4.3	Medium	2026-01-24
CVE-2025-14903	Simple Crypto Shortcodes <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update — Simple Crypto Shortcodes	4.3	Medium	2026-01-24
CVE-2026-1070	Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update — Alex User Counter	4.3	Medium	2026-01-24
CVE-2026-24596	WordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgery (CSRF) vulnerability — Related Posts Thumbnails Plugin for WordPress	4.3	Medium	2026-01-23

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4751 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4751