WordPress Plugin Vulnerabilities

Simple Membership <= 3.8.4 - Cross-Site Request Forgery (CSRF)

Description

CSRF issue in the Bulk Operation menu tab

Proof of Concept

Affects Plugins

Plugin icon
simple-membership
Fixed in 3.8.5

References

CVE
CVE-2019-14328
URL
https://packetstormsecurity.com/files/#153801/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
rubyman
Submitter
rubyman
Submitter website
https://www.linkedin.com/in/mehdi-esmaeilpour-a9b633141/
Submitter twitter
https://twitter.com/rrubymann
Verified
No
WPVDB ID
1735ca00-d6fe-46d0-b00c-a55bededdf1c

Timeline

Publicly Published
2019-07-27 (about 6 years ago)
Added
2019-07-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-08-26
Title
WP Armour Extended < 1.32 - Cross-Site Request Forgery
Published
2025-12-22
Title
Premium Addons for Elementor < 4.11.54 - Arbitrary Template Creation via CSRF
Published
2014-08-01
Title
Sahifa 2.4.0 - Site Setting Reset CSRF
Published
2021-06-30
Title
Journey Analytics < 1.0.13 - Unauthorised AJAX call via CSRF
Published
2025-03-11
Title
Hashtags <= 0.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting