WordPress Plugin Vulnerabilities

RD Station < 5.2.1 - Multiple CSRF

Description

The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions

Affects Plugins

Plugin icon
integracao-rd-station
Fixed in 5.2.1

References

CVE
CVE-2022-38139

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Rasi Afeef
Verified
No
WPVDB ID
2bb6cf3d-3197-409f-8c26-ace4bfabd408

Timeline

Publicly Published
2022-09-11 (about 3 years ago)
Added
2022-09-14 (about 3 years ago)
Last Updated
2022-11-14 (about 3 years ago)

Other

Published
Title
Published
2020-09-16
Title
Cool Timeline < 2.0.3 - Cross-Site Request Forgery
Published
2026-02-18
Title
Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update
Published
2024-04-12
Title
AffiEasy < 1.1.6 - Cross-Site Request Forgery
Published
2025-01-16
Title
Flying Twitter Birds <= 1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2014-08-01
Title
Store Locator < 2.12 - Cross-Site Request Forgery