WordPress Plugin Vulnerabilities

WP BrowserUpdate < 4.5 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
wp-browser-update
Fixed in 4.5

References

CVE
CVE-2023-31078

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
qilin_99
Verified
No
WPVDB ID
28122baf-aae3-49d5-a409-554ece0255b1

Timeline

Publicly Published
2023-04-24 (about 3 years ago)
Added
2023-08-18 (about 2 years ago)
Last Updated
2023-08-18 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
GuiForm 1.4.10 - class/class-ajax.php Entry Saving CSRF
Published
2025-11-03
Title
MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting
Published
2023-01-27
Title
Quick Restaurant Menu < 2.1.0 - Menu Items Update via CSRF
Published
2023-12-27
Title
GPT3 AI Content Writer < 1.8.13 - Cross-Site Request Forgery
Published
2024-04-26
Title
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.0 - Cross-Site Request Forgery to Notice Dismissal