CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4750

4750 vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-53444	WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability — Userpro	4.3	Medium	2026-04-15
CVE-2026-1852	Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion — Product Pricing Table by WooBeWoo	6.1	Medium	2026-04-15
CVE-2026-40764	WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) vulnerability — Contact Form by WPForms	8.1	-	2026-04-15
CVE-2026-28741	CSRF Protection Bypass Allows Updating a User's Authentication Method — Mattermost	6.8	Medium	2026-04-15
CVE-2026-4091	OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery — OPEN-BRAIN	6.1	Medium	2026-04-15
CVE-2026-4002	Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action — Petje.af	4.3	Medium	2026-04-15
CVE-2026-6293	Inquiry form to posts or pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter — Inquiry form to posts or pages	4.3	Medium	2026-04-15
CVE-2026-40041	Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints — Pachno	4.3	Medium	2026-04-13
CVE-2019-25708	Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery — Heatmiser Wifi Thermostat	4.3	Medium	2026-04-12
CVE-2019-25693	ResourceSpace 8.6 SQL Injection via collection_edit.php — ResourceSpace	7.1	High	2026-04-12
CVE-2026-6109	FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery — MetaGPT	4.3	Medium	2026-04-12
CVE-2026-1924	Aruba HiSpeed Cache <= 3.0.4 - Cross-Site Request Forgery to Plugin Settings Reset — Aruba HiSpeed Cache	4.3	Medium	2026-04-10
CVE-2026-34721	Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints — zammad	8.8^AI	High^AI	2026-04-08
CVE-2026-0811	Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion — Advanced Contact form 7 DB	5.4	Medium	2026-04-08
CVE-2026-1672	BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification — BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net	6.5	Medium	2026-04-08
CVE-2026-1673	BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion — BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net	4.3	Medium	2026-04-08
CVE-2026-39710	WordPress RT-Theme 18 \| Extensions plugin <= 2.5 - Cross Site Request Forgery (CSRF) vulnerability — RT-Theme 18 \| Extensions	8.8^AI	High^AI	2026-04-08
CVE-2026-39671	WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability — Extra Fees Plugin for WooCommerce	8.1^AI	High^AI	2026-04-08
CVE-2026-39641	WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability — Blackfyre	8.8^AI	High^AI	2026-04-08
CVE-2026-39640	WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability — Theme Editor	8.3^AI	High^AI	2026-04-08
CVE-2026-39635	WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability — Grand Magazine	8.8^AI	High^AI	2026-04-08
CVE-2026-39633	WordPress Grand Car Rental theme <= 3.6.9 - Cross Site Request Forgery (CSRF) vulnerability — Grand Car Rental	8.8^AI	High^AI	2026-04-08
CVE-2026-39634	WordPress Grand Portfolio theme <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability — Grand Portfolio	8.8^AI	High^AI	2026-04-08
CVE-2026-39632	WordPress Grand Blog theme <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability — Grand Blog	8.8^AI	High^AI	2026-04-08
CVE-2026-39620	WordPress Appointment theme <= 3.5.5 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability — Appointment	8.8^AI	High^AI	2026-04-08
CVE-2026-39618	WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability — NewsExo	8.8^AI	High^AI	2026-04-08
CVE-2026-39621	WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability — SpicePress	8.8^AI	High^AI	2026-04-08
CVE-2026-39619	WordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability — Busiprof	8.8^AI	High^AI	2026-04-08
CVE-2026-39617	WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability — Bluestreet	8.8^AI	High^AI	2026-04-08
CVE-2026-39603	WordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability — Grand Photography	8.8^AI	High^AI	2026-04-08

Vulnerabilities classified as CWE-352 (跨站请求伪造(CSRF)) represent 4750 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-352 (跨站请求伪造(CSRF)) — Vulnerability Class 4750