WordPress Plugin Vulnerabilities

Ultimate Noindex Nofollow Tool II < 1.3.4 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
ultimate-noindex-nofollow-tool-ii
Fixed in 1.3.4

References

CVE
CVE-2023-30474

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
0a359c2c-fa51-451a-a91b-a34b52527e0c

Timeline

Publicly Published
2023-04-13 (about 2 years ago)
Added
2023-04-16 (about 2 years ago)
Last Updated
2023-04-16 (about 2 years ago)

Other

Published
Title
Published
2023-01-04
Title
Logaster Logo Generator <= 1.3 - Cross-Site Request Forgery (CSRF)
Published
2022-09-11
Title
RD Station < 5.2.1 - Multiple CSRF
Published
2014-08-01
Title
Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF
Published
2021-07-05
Title
CSRF Bypass in Multiple Plugins
Published
2025-04-24
Title
Vasaio QR Code <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting