WordPress Plugin Vulnerabilities

OG Tags < 2.0.2 - Plugin's Settings Update via CSRF

Description

The plugin is lacking a CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
og-tags
Fixed in 2.0.2

References

CVE
CVE-2021-20831
URL
https://jvn.jp/en/jp/JVN29428319/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ryota Nakazato of Cryptography Laboratory
Verified
No
WPVDB ID
29d132fb-71d6-4291-a2e9-641da6bf2c3d

Timeline

Publicly Published
2021-09-28 (about 4 years ago)
Added
2021-09-28 (about 4 years ago)
Last Updated
2022-04-08 (about 4 years ago)

Other

Published
Title
Published
2024-04-01
Title
SecuPress Free — WordPress Security < 2.2.5.2 - Cross-Site Request Forgery to Banned IP Address
Published
2023-11-14
Title
WooCommerce Canada Post Shipping < 2.8.4 - Cross-Site Request Forgery
Published
2025-01-16
Title
Better Protected Pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-01-24
Title
ReviewsTap < 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-02-28
Title
HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF