WordPress Plugin Vulnerabilities

WordPress Mobile Pack <= 3.4.1 - Cross-Site Request Forgery

Description

The plugin does not properly validate requests use nonces, leading to a Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
wordpress-mobile-pack
No known fix

References

CVE
CVE-2023-37391
URL
https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
LEE SE HYOUNG
Verified
No
WPVDB ID
21646b2c-9775-4ef1-9c4c-b135d385f51a

Timeline

Publicly Published
2023-07-07 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2024-04-09
Title
No-Bot Registration < 2.0 - Cross-Site Request Forgery
Published
2022-11-16
Title
Permalink Manager Lite < 2.2.20.2 - Settings Update via CSRF
Published
2025-01-16
Title
Password Protect Plugin for WordPress <= 0.8.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-14
Title
My auctions allegro < 3.6.34 - Cross-Site Request Forgery
Published
2024-06-27
Title
WP Mobile Menu < 2.8.4.4 - Cross-Site Request Forgery