Global Content Blocks – Cross-Site Request Forgery (CSRF)

Affects Plugins

global-content-blocks

No known fix

References

URL

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_global_content_blocks_wordpress_plugin.html

URL

https://seclists.org/bugtraq/2017/Mar/0

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

08f7bbf1-c18f-44c9-9350-298e96f0b25c

Timeline

Publicly Published

2017-03-01 (about 9 years ago)

Added

2017-03-03 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2024-08-20

Title

OTA Sync Booking Engine Widget < 1.3.0 - Settings Update via CSRF

Published

2025-02-03

Title

WP Social Stream <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2024-10-14

Title

Table of Contents Plus < 2411 - Cross-Site Request Forgery

Published

2025-03-11

Title

REST API TO MiniProgram <= 4.7.1 - Cross-Site Request Forgery

Published

2024-12-12

Title

WordPress Filter <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting