WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate Category Excluder < 1.2 - Cross-Site Request Forgery

Description

The plugin did not check for CSRF nonce in its options page, allowing attacker to perform CSRF attacks against logged in users.

Affects Plugins

ultimate-category-excluder
Fixed in version 1.2

References

CVE
CVE-2020-35135
URL
https://plugins.trac.wordpress.org/changeset/2434070

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

SCA AppSec

Verified

No

WPVDB ID
2dee07e5-a931-4bd8-ac21-bb334e492fef

Timeline

Publicly Published

2020-12-11 (about 2 years ago)

Added

2020-12-11 (about 2 years ago)

Last Updated

2020-12-12 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin