WordPress Plugin Vulnerabilities

Sucuri Security < 1.8.34 - Event log Entry Creation via CSRF

Description

The plugin does not have CSRF check when creating event log entries, which could allow attackers to make logged in users to create arbitrary event entry

Affects Plugins

Plugin icon
sucuri-scanner
Fixed in 1.8.34

References

CVE
CVE-2022-29489

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad aka Yeraisci
Verified
No
WPVDB ID
1b0faa61-65bf-4c47-8111-2caabdc40036

Timeline

Publicly Published
2022-09-14 (about 3 years ago)
Added
2022-09-17 (about 3 years ago)
Last Updated
2022-09-17 (about 3 years ago)

Other

Published
Title
Published
2024-01-23
Title
Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF
Published
2025-06-19
Title
Knowledge Base – Knowledge Base Maker <= 1.1.8 - Cross-Site Request Forgery
Published
2024-11-13
Title
Hacklog DownloadManager <= 2.1.4 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2024-11-12
Title
Kognetiks Chatbot for WordPress < 2.1.9 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification
Published
2023-10-26
Title
EasyRecipe <= 3.5.3251 - Cross-Site Request Forgery