WordPress Plugin Vulnerabilities

HUSKY < 1.3.4.4 - Multiple Connections/Stats CSRF

Description

The plugin does not have CSRF checks in various functions, which could allow attackers to make logged in admins perform unwanted actions related to connections and stats features via CSRF attacks

Affects Plugins

Plugin icon
woocommerce-products-filter
Fixed in 1.3.4.4

References

CVE
CVE-2023-50861
URL
https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-4-3-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
0601d2b1-4eb9-4563-a9e1-8909eaecbcac

Timeline

Publicly Published
2023-12-22 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-05 (about 2 years ago)

Other

Published
Title
Published
2025-07-21
Title
Latest Post Accordian Slider <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-02-17
Title
Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2020-03-11
Title
Multiple WebToffee Plugins - Cross-Site Request Forgery (CSRF) Issue
Published
2025-09-05
Title
WP likes <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting
Published
2025-04-09
Title
WPJobBoard < 5.11.1 - Cross-Site Request Forgery