WordPress Plugin Vulnerabilities

WP Abstracts < 2.6.3 - Cross-Site Request Forgery

Description

The plugin does not sufficiently verify requests use nonces, leading to a CSRF vulnerability.

Affects Plugins

Plugin icon
wp-abstracts-manuscripts-manager
Fixed in 2.6.3

References

CVE
CVE-2023-36517
URL
https://patchstack.com/database/vulnerability/wp-abstracts-manuscripts-manager/wordpress-wp-abstracts-plugin-2-6-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
qilin_99
Verified
No
WPVDB ID
202effa1-7950-485b-9f2f-ecaff2cce405

Timeline

Publicly Published
2023-06-27 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-08-07 (about 2 years ago)

Other

Published
Title
Published
2025-04-09
Title
Social Crowd <= 0.9.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2018-12-19
Title
WP Ultimate CSV Importer <= 5.6 - CSRF
Published
2026-04-21
Title
WP Responsive Popup + Optin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpo_image_url' Parameter
Published
2021-07-02
Title
Woostify < 1.9.2 - CSRF Bypass
Published
2025-03-31
Title
Elfsight Testimonials Slider <= 1.0.1 - Cross-Site Request Forgery to Settings Update