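Explore CVEs related to CSRF vulnerabilities. By default this list shows the most recent disclosures first, and it supports further filtering by CVSS and EPSS risk scores.
It covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and their likelihood of exploitation.
Currently showing CVEs of type CSRF, covering all publication years.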
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57766 | Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions. | 8.8 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-57761 | Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions. | 7.1 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-57759 | Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions. | 8.8 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-57758 | Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions. | 7.1 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-57757 | Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions. | 7.1 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-57751 | Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions. | 8.1 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-57747 | Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions. | 6.5 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-57690 | Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions. | 4.3 | N/A | 2026-07-02 | 2026-07-02 |
| CVE-2026-57723 | Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12. | 7.4 | 0.12% | 2026-07-01 | 2026-07-01 |
| CVE-2026-12158 | The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated attackers to escalate the privileges of an arbitrary form submitter to administrator by creating a malicious Chronos automation task that is executed via WordPress cron via a forged request granted they c | 8.8 | 0.21% | 2026-07-01 | 2026-07-01 |
| CVE-2026-58518 | Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3. | 6.9 | 0.16% | 2026-07-01 | 2026-07-01 |
| CVE-2026-11981 | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3. This is due to missing nonce validation on the give_set_notification_status_handler() function. This makes it possible for unauthenticated attackers to disable donation email notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | 0.15% | 2026-07-01 | 2026-07-01 |
| CVE-2026-14016 | Inappropriate implementation in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.17% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13963 | Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 3.1 | 0.13% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13952 | Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | 0.15% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13946 | Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | 0.15% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13944 | Inappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 3.1 | 0.13% | 2026-06-30 | 2026-07-02 |
| CVE-2026-13887 | Inappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | 0.21% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13826 | Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | 6.5 | 0.21% | 2026-06-30 | 2026-07-01 |
| CVE-2026-35096 | KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the attacker to trigger an unauthorized email or password change on behalf of the victim without their knowledge or interaction. This issue was fixed in the patch published in June 2026. | 5.1 | 0.16% | 2026-06-30 | 2026-06-30 |