
CWE-352 (Cross-Site Request Forgery (CSRF)) — Vulnerability Class 4750

4750 vulnerabilities classified as CWE-352 (Cross-Site Request Forgery (CSRF)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25411 | WordPress Revision Manager TMC plugin <= 2.8.22 - Cross Site Request Forgery (CSRF) vulnerability — Revision Manager TMC | 8.8 (AI) | High (AI) | 2026-02-19 |
| CVE-2026-25337 | WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability — Coachify | 8.8 (AI) | High (AI) | 2026-02-19 |
| CVE-2026-25322 | WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerability — PublishPress Revisions | 8.8 (AI) | High (AI) | 2026-02-19 |
| CVE-2026-25319 | WordPress Zita Elementor Site Library plugin <= 1.6.6 - Cross Site Request Forgery (CSRF) vulnerability — Zita Elementor Site Library | 8.8 (AI) | High (AI) | 2026-02-19 |
| CVE-2026-1455 | Whatsiplus Scheduled Notification for Woocommerce <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action — Whatsiplus Scheduled Notification for Woocommerce | 4.3 | Medium | 2026-02-19 |
| CVE-2025-14167 | Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update — Remove Post Type Slug | 4.3 | Medium | 2026-02-19 |
| CVE-2025-13438 | Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification — Page Title, Description & Open Graph Updater | 4.3 | Medium | 2026-02-19 |
| CVE-2025-13413 | Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update — Country Blocker for AdSense | 4.3 | Medium | 2026-02-19 |
| CVE-2025-12821 | NewsBlogger <= 0.2.5.6 - 0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation — NewsBlogger | 8.8 | High | 2026-02-19 |
| CVE-2025-12172 | Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Change — Mailchimp List Subscribe Form | 4.3 | Medium | 2026-02-19 |
| CVE-2019-25359 | SD.NET RIM 4.7.3c - 'idtyp' SQL Injection — SD.NET RIM | 8.2 | High | 2026-02-18 |
| CVE-2026-2658 | newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery — newbee-mall | 4.3 | Medium | 2026-02-18 |
| CVE-2026-2112 | Dam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion — Dam Spam | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1072 | Keybase.io Verification <= 1.4.5 - Cross-Site Request Forgery to Settings Update — Keybase.io Verification | 4.3 | Medium | 2026-02-18 |
| CVE-2026-2023 | WP Plugin Info Card <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation — WP Plugin Info Card | 4.3 | Medium | 2026-02-18 |
| CVE-2025-27904 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows — DB2 Recovery Expert for LUW | 6.5 | Medium | 2026-02-17 |
| CVE-2025-36018 | Multiple Vulnerabilities in IBM Concert Software. — Concert | 6.5 | Medium | 2026-02-17 |
| CVE-2026-1394 | WP Quick Contact Us <= 1.0 - Cross-Site Request Forgery to Settings Update — WP Quick Contact Us | 4.3 | Medium | 2026-02-14 |
| CVE-2025-14852 | MDirector Newsletter <= 4.5.8 - Cross-Site Request Forgery to Plugin Settings Update — MDirector Newsletter WordPress Plugin | 4.3 | Medium | 2026-02-14 |
| CVE-2025-14873 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery — LatePoint – Calendar Booking Plugin for Appointments and Events | 4.3 | Medium | 2026-02-14 |
| CVE-2026-1983 | SEATT: Simple Event Attendance <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion — SEATT: Simple Event Attendance | 4.3 | Medium | 2026-02-14 |
| CVE-2026-26075 | Cross-Site Request Forgery (CSRF) in FastGPT — FastGPT | 5.3 (AI) | Medium (AI) | 2026-02-12 |
| CVE-2019-25313 | FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin) — FlexNet Publisher | 4.0 | Medium | 2026-02-11 |
| CVE-2026-1215 | MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update — MMA Call Tracking | 4.3 | Medium | 2026-02-11 |
| CVE-2026-24885 | Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment — kanboard | 5.7 | Medium | 2026-02-10 |
| CVE-2026-25812 | PlaciPy is Missing CSRF Protection on State-Changing Endpoints — assessment-placipy | 6.5 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-66595 | Yokogawa FAST/TOOLS security vulnerability — FAST/TOOLS | 8.8 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-1082 | TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery to Settings Update — TITLE ANIMATOR | 4.3 | Medium | 2026-02-07 |
| CVE-2020-37079 | Wing FTP Server < 6.2.7 - Cross-site Request Forgery — Wing FTP Server | 4.3 | Medium | 2026-02-06 |
| CVE-2020-37106 | Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) — Business Live Chat Software | 5.3 | Medium | 2026-02-06 |

4750 CVEs are classified as CWE-352 (Cross-Site Request Forgery (CSRF)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.