WatuPRO < 4.9.0.8 – Cross-Site Request Forgery (CSRF) | CVE 2015-9418

Affects Plugins

watupro

Fixed in 4.9.0.8

References

CVE

CVE-2015-9418

URL

https://advisories.dxw.com/advisories/csrf-in-watu-pro-allows-unauthenticated-attackers-to-delete-quizzes/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Submitter

pvdl

Verified

No

WPVDB ID

11d26e06-ff60-4b5e-91ea-7308ec24717c

Timeline

Publicly Published

2015-09-01 (about 10 years ago)

Added

2015-09-01 (about 10 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2023-09-05

Title

Outbound Link Manager <= 1.2 - Settings Update via CSRF

Published

2025-09-05

Title

WN Flipbox Pro <= 2.1 - Cross-Site Request Forgery

Published

2022-09-26

Title

Frontend File Manager < 21.4 - Arbitrary Settings Update via CSRF

Published

2024-07-09

Title

Cliengo – Chatbot <= 3.0.1 - Cross-Site Request Forgery

Published

2024-04-11

Title

WP Matterport Shortcode < 2.2.0 - Cross-Site Request Forgery