WordPress Plugin Vulnerabilities

Access Code Feeder <= 1.0.3 - CSRF

Description

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions

Affects Plugins

Plugin icon
access-code-feeder
No known fix

References

CVE
CVE-2022-38059

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
ptsfence
Verified
No
WPVDB ID
29883be6-8033-430c-8777-1d397406e814

Timeline

Publicly Published
2022-08-25 (about 3 years ago)
Added
2022-09-15 (about 3 years ago)
Last Updated
2022-09-15 (about 3 years ago)

Other

Published
Title
Published
2022-11-09
Title
REST API Authentication < 2.4.1 - Settings Update via CSRF
Published
2026-04-21
Title
Ni WooCommerce Order Export <= 3.1.6 - Cross-Site Request Forgery to Settings Update via ni_order_export_action AJAX Action
Published
2024-05-25
Title
Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery
Published
2022-04-28
Title
Hermit <= 3.1.6 - Arbitrary Cache/Source Deletion & Source Creation via CSRF
Published
2025-03-11
Title
Domain Theme <= 1.3 - Cross-Site Request Forgery