WordPress Plugin Vulnerabilities

Custom 404 Pro < 3.7.2 - Logs Deletion via CSRF

Description

The plugin does not have CSRF check when deleting logs, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
custom-404-pro
Fixed in 3.7.2

References

CVE
CVE-2023-0385

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
1e7ca070-b37a-41fc-af9a-bc6469073fd9

Timeline

Publicly Published
2023-01-18 (about 3 years ago)
Added
2023-01-18 (about 3 years ago)
Last Updated
2023-01-18 (about 3 years ago)

Other

Published
Title
Published
2024-01-08
Title
MailerLite – WooCommerce integration < 2.0.9 - Cross-Site Request Forgery via Multiple AJAX Functions
Published
2024-07-01
Title
Hestia < 3.1.3 - Cross-Site Request Forgery to Notice Dismissal
Published
2023-06-13
Title
WordPress Contact Forms by Cimatti < 1.5.8 - Cross-Site Request Forgery
Published
2024-04-11
Title
WP Migration Plugin DB & Files – WP Synchro < 1.11.3 - Cross-Site Request Forgery
Published
2024-04-11
Title
Kimili Flash Embed <= 2.5.3 - Cross-Site Request Forgery