WordPress Plugin Vulnerabilities

Add From Server < 3.3.2 - Cross-Site Request Forgery (CSRF)

Description

An attacker can use this issue to add illegal content to the victims server, or add very large files to the victim's server to exhaust the amount of available disk space.

Affects Plugins

Plugin icon
add-from-server
Fixed in 3.3.2

References

CVE
CVE-2016-10914
URL
https://seclists.org/fulldisclosure/2016/Aug/40
URL
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_vulnerability_in_add_from_server_wordpress_plugin.html

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
067f8708-9f82-43db-84b2-8806b945017b

Timeline

Publicly Published
2016-08-08 (about 9 years ago)
Added
2016-08-12 (about 9 years ago)
Last Updated
2020-08-12 (about 5 years ago)

Other

Published
Title
Published
2025-12-31
Title
Social Profilr <= 1.0 - Cross-Site Request Forgery
Published
2023-11-19
Title
Customer Reviews for WooCommerce < 5.38.2 - Cross-Site Request Forgery via manual review reminders
Published
2024-06-12
Title
Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
Published
2025-08-20
Title
Sign-up Sheets < 2.3.3.1 - Cross-Site Request Forgery
Published
2023-09-11
Title
WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF