WordPress Plugin Vulnerabilities

SEO Scout <= 0.9.83 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
ab-rankings-testing-tool
No known fix

References

CVE
CVE-2022-36358

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
ptsfence
Verified
No
WPVDB ID
26cb01ec-4781-4369-bf42-ffd4ea2d7b82

Timeline

Publicly Published
2022-08-25 (about 3 years ago)
Added
2022-08-25 (about 3 years ago)
Last Updated
2022-08-25 (about 3 years ago)

Other

Published
Title
Published
2025-01-07
Title
News Publisher Autopilot <= 2.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-03-28
Title
The Visitor Counter <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-07-18
Title
Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF
Published
2025-11-03
Title
Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-11-20
Title
Floating Action Button < 1.2.2 - Cross-Site Request Forgery