WordPress Plugin Vulnerabilities

WishSuite < 1.3.4 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.

Affects Plugins

Plugin icon
wishsuite
Fixed in 1.3.4

References

CVE
CVE-2023-23731

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
08d71191-5d6c-43e2-964a-eda9ab7f7b37

Timeline

Publicly Published
2023-07-11 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2023-05-30
Title
Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation
Published
2025-01-24
Title
Ultimate Coming Soon & Maintenance < 1.1.0 - Cross-Site Request Forgery
Published
2021-06-17
Title
WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery (CSRF)
Published
2014-08-01
Title
Related Posts 2.7.1 - Cross-Site Request Forgery
Published
2021-10-04
Title
BP Better Messages < 1.9.9.41 - Multiple CSRF