WordPress Plugin Vulnerabilities

WP Better Permalinks <= 3.0.4 - CSRF allowing Option Update

Description

The WP Better Permalinks WordPress plugin was affected by a CSRF allowing Option Update security vulnerability.

Affects Plugins

Plugin icon
wp-better-permalinks
Fixed in 3.0.5

References

CVE
CVE-2019-15835
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2113279%40wp-better-permalinks&old=2107687%40wp-better-permalinks

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Verified
No
WPVDB ID
35d4182b-6e27-4356-977d-a40c478ca8d5

Timeline

Publicly Published
2019-06-27 (about 6 years ago)
Added
2019-06-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-11-13
Title
Plugin Manager < 1.4.8 - Cross-Site Request Forgery
Published
2024-12-12
Title
Like in Vk.com <= 0.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-02-17
Title
Reset < 1.7 - Cross-Site Request Forgery to Database Reset
Published
2025-03-27
Title
wpShopGermany IT-RECHT KANZLEI < 2.1 - Cross-Site Request Forgery
Published
2025-03-28
Title
ShowTime Slideshow <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting