WordPress Plugin Vulnerabilities

HT Menu < 1.2.2 - Cross-Site Request Forgery

Description

The plugin does not adequately validate certain requests use nonces, which can lead to a Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
ht-menu-lite
Fixed in 1.2.2

References

CVE
CVE-2023-23791
URL
https://patchstack.com/database/vulnerability/ht-menu-lite/wordpress-ht-menu-wordpress-mega-menu-builder-for-elementor-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
23cf0136-8407-4ef4-bdbd-6df7b8d6d6a1

Timeline

Publicly Published
2023-03-30 (about 3 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2024-04-10
Title
BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal
Published
2023-10-03
Title
ShortCodes UI <= 1.9.8 - CSRF
Published
2021-11-01
Title
Email Tracker < 5.2.7 - Arbitrary Email Entry Deletion via CSRF
Published
2024-10-15
Title
Cooked Pro < 1.8.0 - Cross-Site Request Forgery
Published
2023-11-23
Title
MyBookTable Bookstore < 3.3.5 - API Key Update via CSRF