PixTypes < 1.4.15 – Cross-Site Request Forgery | CVE 2023-25487

Affects Plugins

Fixed in 1.4.15

References

CVE

CVE-2023-25487

URL

https://patchstack.com/database/vulnerability/pixtypes/wordpress-pixtypes-plugin-1-4-14-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Mika

Verified

No

WPVDB ID

3504fd2e-d5c9-4d88-b2fd-9ccdbe2e61fd

Timeline

Publicly Published

2023-04-07 (about 3 years ago)

Added

2023-07-11 (about 2 years ago)

Last Updated

2023-07-11 (about 2 years ago)

Other

Published

Title

Published

2023-07-05

Title

ARMember < 4.0.6 - ARMember Cross-Site Request Forgery

Published

2025-02-18

Title

WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update

Published

2025-10-10

Title

Course Redirects for Learndash Plugin <= 0.4 - Cross-Site Request Forgery

Published

2021-09-13

Title

Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF

Published

2023-07-11

Title

MyCurator Content Curation < 3.75 - Cross-Site Request Forgery