Insert Html Snippet <= 1.2 – Cross-Site Request Forgery (CSRF)

Affects Plugins

insert-html-snippet

Fixed in 1.2.1

References

URL

https://seclists.org/fulldisclosure/2016/Nov/161

URL

https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_insert_html_snippet_wordpress_plugin.html

URL

https://plugins.trac.wordpress.org/changeset/1536764/insert-html-snippet

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

0e64fa9b-5242-441f-9e8f-66e08aa0b65e

Timeline

Publicly Published

2016-11-29 (about 9 years ago)

Added

2016-11-29 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2014-08-01

Title

GTranslate 1.0.12 - gtranslate.php Widget Code Editing CSRF

Published

2015-07-14

Title

BuddyPress Activity Plus < 1.6.2 - Cross-Site Request Forgery (CSRF)

Published

2025-05-19

Title

Japanized For WooCommerce < 2.6.41 - Cross-Site Request Forgery

Published

2024-01-05

Title

WP Job Manager < 2.1.0 - Cross-Site Request Forgery

Published

2025-03-31

Title

PostmarkApp Email Integrator <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting