CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4754

4754 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-51486 | WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability — WooCommerce PDF Invoice Builder | 5.4 | Medium | 2024-03-16 |
| CVE-2023-51487 | WordPress ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 - Cross Site Request Forgery (CSRF) vulnerability — ARI Stream Quiz | 5.4 | Medium | 2024-03-16 |
| CVE-2023-51489 | WordPress Crowdsignal Polls & Ratings plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability — Crowdsignal Dashboard – Polls, Surveys & more | 5.4 | Medium | 2024-03-16 |
| CVE-2023-51491 | WordPress Depicter Slider plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability — Depicter Slider | 5.4 | Medium | 2024-03-16 |
| CVE-2023-51510 | WordPress Export Media URLs plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability — Export Media URLs | 4.3 | Medium | 2024-03-16 |
| CVE-2023-51521 | WordPress Quiz And Survey Master plugin <= 8.1.18 - Cross Site Request Forgery (CSRF) vulnerability — Quiz And Survey Master | 5.4 | Medium | 2024-03-16 |
| CVE-2023-51407 | WordPress Split Test For Elementor plugin <= 1.6.9 - Cross Site Request Forgery (CSRF) vulnerability — Split Test For Elementor | 4.3 | Medium | 2024-03-16 |
| CVE-2023-51522 | WordPress Paid Membership Subscriptions plugin <= 2.10.4 - Cross Site Request Forgery (CSRF) vulnerability — Paid Member Subscriptions | 4.3 | Medium | 2024-03-15 |
| CVE-2023-51369 | WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability — Customize My Account for WooCommerce | 4.3 | Medium | 2024-03-15 |
| CVE-2023-50886 | WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability — Legal Pages | 4.3 | Medium | 2024-03-15 |
| CVE-2023-51525 | WordPress WP Simple Booking Calendar plugin <= 2.0.8.4 - Cross Site Request Forgery (CSRF) vulnerability — WP Simple Booking Calendar | 4.3 | Medium | 2024-03-15 |
| CVE-2023-50861 | WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability — HUSKY – Products Filter for WooCommerce (formerly WOOF) | 4.3 | Medium | 2024-03-15 |
| CVE-2024-2483 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery — Hostel Management Service | 4.3 | Medium | 2024-03-15 |
| CVE-2024-27265 | IBM Integration Bus for z/OS cross-site request forgery — Integration Bus for z/OS | 4.5 | Medium | 2024-03-14 |
| CVE-2024-28195 | Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify — your_spotify | 8.1 | High | 2024-03-13 |
| CVE-2024-1489 | SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery — SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | 4.3 | Medium | 2024-03-13 |
| CVE-2024-0827 | Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Cross-Site Request Forgery — Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio | 4.3 | Medium | 2024-03-13 |
| CVE-2024-0830 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery — Comments Extra Fields For Post,Pages and CPT | 4.3 | Medium | 2024-03-13 |
| CVE-2024-0592 | Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery — Related Posts for WordPress | 5.4 | Medium | 2024-03-13 |
| CVE-2024-1642 | MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk — MainWP Dashboard: Self-hosted WordPress Management for Agencies | 4.3 | Medium | 2024-03-13 |
| CVE-2024-2416 | Cross-Site Request Forgery vulnerability in Movistar 4G router — Router Movistar 4G | 6.5 | Medium | 2024-03-13 |
| CVE-2024-1214 | Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery — Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | 4.3 | Medium | 2024-03-12 |
| CVE-2024-1213 | Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery — Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | 5.4 | Medium | 2024-03-12 |
| CVE-2024-1503 | Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase — Tutor LMS – eLearning and online course solution | 4.3 | Medium | 2024-03-12 |
| CVE-2023-4629 | LadiApp <= 4.4 - Cross-Site Request Forgery via save_config() — LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… | 4.3 | Medium | 2024-03-12 |
| CVE-2023-4729 | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via publish_lp() — LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… | 4.3 | Medium | 2024-03-12 |
| CVE-2023-4731 | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via init_endpoint — LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… | 4.3 | Medium | 2024-03-12 |
| CVE-2023-4628 | LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook() — LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… | 4.3 | Medium | 2024-03-12 |
| CVE-2024-2354 | Dreamer CMS toEdit cross-site request forgery — CMS | 4.3 | Medium | 2024-03-10 |
| CVE-2024-2316 | Bdtask Hospital AutoManager Update Bill Page cross-site request forgery — Hospital AutoManager | 4.3 | Medium | 2024-03-08 |

Vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)) represent 4754 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.