WordPress Plugin Vulnerabilities

Robots.txt optimization < 1.4.6 - Cross-Site Request Forgery

Description

The plugin does not adequately verify requests use nonces, making it susceptible to Cross-Site Request Forgery (CSRF) attacks.

Affects Plugins

Plugin icon
better-robots-txt
Fixed in 1.4.6

References

CVE
CVE-2023-25706
URL
https://patchstack.com/database/vulnerability/better-robots-txt/wordpress-wordpress-robots-txt-optimization-xml-sitemap-website-traffic-seo-ranking-booster-plugin-1-4-5-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
36f94f49-85d3-462e-8db7-30fcadf0faee

Timeline

Publicly Published
2023-02-14 (about 3 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2025-04-09
Title
WP Map Route Planner <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-11-16
Title
Legal Pages < 1.3.9 - Cross-Site Request Forgery via moveToTrash and fetch_and_insert_template_data
Published
2020-10-29
Title
WordPress < 5.5.2 - Cross-Site Request Forgery (CSRF) to Change Theme Background
Published
2025-01-22
Title
WP Panoramio <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-05-24
Title
WP Tiles <= 1.1.2 - Cross-Site Request Forgery