logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Ultimate Category Excluder < 1.2 - Cross-Site Request Forgery

Description

The plugin did not check for CSRF nonce in its options page, allowing attacker to perform CSRF attacks against logged in users.

Affects Plugins

ultimate-category-excluder

Fixed in version 1.2

References

CVE

CVE-2020-35135

URL

https://plugins.trac.wordpress.org/changeset/2434070

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

SCA AppSec

Verified

No

WPVDB ID

2dee07e5-a931-4bd8-ac21-bb334e492fef

Timeline

Publicly Published

2020-12-11 (about 4 months ago)

Added

2020-12-11 (about 4 months ago)

Last Updated

2020-12-12 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin