WordPress Plugin Vulnerabilities

WpStream < 4.4.10.6 - Settings Update via CSRF

Description

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admin perform such action via a CSRF attack

Affects Plugins

Plugin icon
wpstream
Fixed in 4.4.10.6

References

CVE
CVE-2023-27458

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
3cd723c9-7005-4365-8706-463b57601f0e

Timeline

Publicly Published
2023-03-02 (about 3 years ago)
Added
2023-08-07 (about 2 years ago)
Last Updated
2023-08-07 (about 2 years ago)

Other

Published
Title
Published
2025-01-03
Title
Autocompleter <= 1.3.5.2 - Cross-Site Request Forgery
Published
2024-04-10
Title
AppPresser < 4.3.1 - Cross-Site Request Forgery via force_logging_off()
Published
2025-02-13
Title
Wibiya Toolbar <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-02-17
Title
Extensions For CF7 < 2.0.9 - Arbitrary Plugin Activation via CSRF
Published
2023-10-16
Title
SendPulse Free Web Push < 1.3.2 - CSRF