WordPress Plugin Vulnerabilities

WP Spell Check < 7.1.10 - Cross-Site Request Forgery (CSRF)

Description

The plugin was affected by a CSRF vulnerability, allowing attackers to force logged in users perform unwanted actions, which could lead to Cross-Site Scripting (XSS).

Affects Plugins

Plugin icon
wp-spell-check
Fixed in 7.1.10

References

CVE
CVE-2019-6027
URL
https://jvn.jp/en/jp/JVN26838191/index.html
URL
https://plugins.trac.wordpress.org/changeset/2127548/wp-spell-check

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Takuya Yamaguchi
Verified
No
WPVDB ID
00393552-acdb-4a66-888c-8048a4b167c5

Timeline

Publicly Published
2019-11-26 (about 6 years ago)
Added
2019-11-26 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-08
Title
LifterLMS < 7.5.1 - Cross-Site Request Forgery
Published
2014-08-01
Title
foursquare-checkins - CSRF
Published
2021-06-21
Title
Staff Directory < 4.0 - Cross-Site Request Forgery (CSRF)
Published
2025-01-16
Title
Custom Widget Classes <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-04-12
Title
WP Client Reports < 1.0.23 - Cross-Site Request Forgery