WordPress Plugin Vulnerabilities

Shortlinks by Pretty Links < 3.4.1 - Link Visit Stats Clear via CSRF

Description

The plugin does not have CSRF checks when clearing the Link Visits statistics, which could allow attackers to make logged in admins perform such actions via a CSRF attack

Affects Plugins

Plugin icon
pretty-link
Fixed in 3.4.1

References

CVE
CVE-2022-47149

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
3b8c9728-49a6-410e-9f30-e790dd994bc9

Timeline

Publicly Published
2023-04-13 (about 2 years ago)
Added
2023-05-29 (about 2 years ago)
Last Updated
2023-05-29 (about 2 years ago)

Other

Published
Title
Published
2025-03-11
Title
Insert Code <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-12-31
Title
Co-marquage service-public.fr <= 0.5.77 - Cross-Site Request Forgery
Published
2019-05-26
Title
Affiliates Manager < 2.6.6 - CRSF Issues
Published
2025-01-16
Title
Slider for Writers <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-07-01
Title
Trendy News < 1.0.15 - Cross-Site Request Forgery