WordPress Plugin Vulnerabilities

Link Library < 7.2.8 - Library Settings Reset via CSRF

Description

The plugin does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
link-library
Fixed in 7.2.8

References

CVE
CVE-2021-25092

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
1cd30913-67c7-46c3-a2de-dcca0c332323

Timeline

Publicly Published
2021-12-30 (about 3 years ago)
Added
2021-12-30 (about 3 years ago)
Last Updated
2022-04-16 (about 3 years ago)

Other

Published
Title
Published
2025-08-14
Title
Kalium <= 3.18.3 - Cross-Site Request Forgery
Published
2024-08-01
Title
Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce < 2.6.19 - Cross-Site Request Forgery
Published
2023-09-04
Title
Leadster < 1.1.3 - Settings Update via CSRF
Published
2023-06-26
Title
POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF
Published
2022-10-31
Title
Restaurant Menu < 2.3.2 - Multiple CSRF