WordPress Plugin Vulnerabilities

Mass Delete Unused Tags < 3.0.0 - Tags Deletion via CSRF

Description

The plugin does not have CSRF checks when deleting tag, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
mass-delete-unused-tags
Fixed in 3.0.0

References

CVE
CVE-2023-27430

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
062c209d-f5fc-40d7-9773-c979963d8266

Timeline

Publicly Published
2023-03-10 (about 3 years ago)
Added
2023-05-18 (about 2 years ago)
Last Updated
2023-05-18 (about 2 years ago)

Other

Published
Title
Published
2018-05-28
Title
JS Job <= 1.0.6 - CSRF
Published
2026-04-22
Title
Avada < 7.13.2 - Cross-Site Request Forgery
Published
2023-12-28
Title
Strong Testimonials < 3.1.11 - Settings Update via CSRF
Published
2025-01-16
Title
Add RSS <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-01-07
Title
Affiliate Disclosure Statement <= 0.3 - Cross-Site Request Forgery