WordPress Plugin Vulnerabilities

Alkubot < 3.0.0 - Unauthorised AJAX call via CSRF

Description

The plugin did not properly check for CSRF in its successfulBargain AJAX action, allowing attacker to make users place arbitrary product in their cart

Affects Plugins

Plugin icon
alkubot
Fixed in 3.0.0

References

URL
https://plugins.trac.wordpress.org/changeset/2510073/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
07df461c-98f1-4b61-b589-dd167f903ea8

Timeline

Publicly Published
2021-06-30 (about 4 years ago)
Added
2021-06-30 (about 4 years ago)
Last Updated
2021-06-30 (about 4 years ago)

Other

Published
Title
Published
2023-01-27
Title
Exclusive Addons Elementor < 2.6.2 - Arbitrary Uninstall Reason Feedback via CSRF
Published
2021-07-05
Title
WooCommerce Extra Cost <= 2.6 - CSRF Bypass
Published
2026-01-23
Title
Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update
Published
2024-01-08
Title
Metform Elementor Contact Form Builder < 3.8.2 - Cross-Site Request Forgery
Published
2014-08-01
Title
Top 10 <= 1.9.2 - Setting Manipulation CSRF